by muricula 2121 days ago
Source code access makes surprisingly little practical difference for discovering security vulnerabilities. People routinely find security vulnerabilities in major closed source operating systems like Windows and iOS and submit their findings to MS/Apple for bounty, or sell them to exploit brokers. Reverse engineering tools like Ghidra can decompile code back to C to make auditing easier, and black box fuzzers have proven massively useful for discovering vulnerabilities without auditing code line by line.

Tiktok is far smaller, and has a smaller attack surface. If there was money in it, people would audit Tiktok all day.

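As an added illustration of the black-box fuzzing point in the comment above (this is example code written for this page, not code from the thread or from any real fuzzer), the script below drives a toy record parser purely through its input bytes, treating the parser as an opaque target. The wire format, the parser, and its length-check bug are all constructed for the example; the fuzzer only observes whether a call returns, rejects the input gracefully, or dies with an unexpected exception. Real fuzzers such as AFL or libFuzzer add coverage feedback, but the core idea that no source access is needed to find a crash is the same.

```python
import random


class MalformedInput(ValueError):
    """The parser's documented, graceful rejection of bad input."""


def parse_record(data: bytes) -> dict:
    """Toy wire format (constructed for this example):
    [length:1][payload:length][checksum:1], checksum = sum(payload) & 0xFF.
    Deliberate bug: the bounds check covers the payload but not the trailing
    checksum byte, so a record cut off after the payload raises IndexError."""
    if len(data) < 2:
        raise MalformedInput("too short")
    length = data[0]
    payload = data[1:1 + length]
    if len(payload) != length:
        raise MalformedInput("truncated payload")
    checksum = data[1 + length]          # BUG: no check that this byte exists
    if (sum(payload) & 0xFF) != checksum:
        raise MalformedInput("bad checksum")
    return {"length": length, "payload": payload}


def crashes(target, data: bytes) -> bool:
    """Black-box oracle: a documented rejection is fine, anything else is a crash."""
    try:
        target(data)
    except MalformedInput:
        return False
    except Exception:
        return True
    return False


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: bit flip, byte deletion, byte insertion, or
    overwrite with a boundary value. No knowledge of the format is used."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        del buf[rng.randrange(len(buf))]
    elif choice == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    else:
        if buf:
            buf[rng.randrange(len(buf))] = rng.choice([0, 1, 0x7F, 0x80, 0xFF])
        else:
            buf.append(0)
    return bytes(buf)


def fuzz(target, seeds, iterations: int, seed: int = 0):
    """Mutation-based black-box fuzz loop. Returns the first crashing input
    (with iteration number and exception text) or None if none was found."""
    rng = random.Random(seed)
    corpus = list(seeds)
    for i in range(iterations):
        candidate = mutate(rng, rng.choice(corpus))
        try:
            target(candidate)
        except MalformedInput:
            continue                     # graceful rejection: not a bug
        except Exception as exc:
            return {"iteration": i, "input": candidate, "error": repr(exc)}
        if len(corpus) < 64:             # accepted input: keep it as a new seed
            corpus.append(candidate)
    return None


def minimize(target, data: bytes) -> bytes:
    """Greedy delta-style minimization: drop single bytes while the input still
    crashes, so the reproducer handed to the vendor is as small as possible."""
    changed = True
    while changed:
        changed = False
        for i in range(len(data)):
            smaller = data[:i] + data[i + 1:]
            if crashes(target, smaller):
                data = smaller
                changed = True
                break
    return data


if __name__ == "__main__":
    # Constructed seed: length 3, payload "abc", checksum (97+98+99) & 0xFF = 0x26
    valid_record = b"\x03abc\x26"
    found = fuzz(parse_record, [valid_record], iterations=2000, seed=1)
    if found is None:
        print("no crash found")
    else:
        print("crash at iteration", found["iteration"], found["error"])
        print("minimized reproducer:", minimize(parse_record, found["input"]))
```

The oracle is the important design choice: a parser that raises its own documented error on bad input is behaving correctly, and only an unexpected exception counts as a finding. For a native binary the same role is played by a signal such as SIGSEGV, which is exactly why this works without source.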

Open source makes security vulnerabilities and bugs somewhat easier to discover, but the real benefit is that it makes them easier to fix once discovered. With proprietary closed-source codebases, you must wait for those who have access to fix anything reported, which in some cases never happens, or can take a very long time. With open source, anyone who has the knowledge and skill can step up and fix anything they feel like, and submit said fix back to the codebase for review and possible inclusion, or fork the code and apply the fix themselves if necessary.