by sdevlin 4213 days ago
All of these points are orthogonal as to whether source code is required for a security audit.
1 comments

Weaknesses in random number generation are arguably easier to spot in instrumented binaries and dynamic analysis than they are with static analysis. Auditing an RNG from source involves enough mental modeling to trace random numbers and track the state of whatever generator provided them.