[gggmaster]

But for a closed source one there’s definitely no way to audit the source code.

[fiddlerwoaroof]

Sure there is: tools like strace, dtrace and eBPF let you “peak under the hood” of nearly any application, not to mention disassemblers like IDA Pro and Ghidra.

I have debugged all sorts of issues with closed source applications using these tools.