For decades, industrial control systems (ICS) have faced cyber attacks of increasing frequency and sophistication. Consequently, secure programmable logic controller (PLC) programming practices are becoming crucial as more adversaries attain the capability to gain a foothold in the ICS environment and directly attack the physical process by exploiting vulnerable PLC code. Existing programming practices involve the frequent use of vendor-provided, proprietary library functions, which cannot be viewed or edited, inhibiting the incorporation of secure PLC programming practices. This work begins by exploring the viability of open-source PLC functions as an alternative because of their open nature and potential for broader adoption of secure PLC programming practices. However, when analysed, the selected open-source PLC functions are found to contain the same vulnerabilities as those provided by the vendor. In response, a conceptual framework for a community-driven initiative is proposed that would acquire open-source PLC functions and their supporting documentation, review them for vulnerabilities and apply secure PLC coding practices, and finally disseminate the newly secured, open-source PLC functions for wider use.