
Well, to be fair, they don't really have a choice in the matter.

Open it out to code review by only a small number of people, mainly governments, and you are opening it out to a small set of people doing code review explicitly driven by the primary intention of finding vulnerabilities in it. This would apply to even the US govt, who routinely request software vendors to delay patching or even disclosing 0-day vulnerabilities till they have sufficiently exploited them.

Allowing more scrutiny will work only if enough eyeballs are devoted to it driven by benevolent intentions. Best results would be to open source the whole thing but that would not make business sense to the company.

Basically, either you open it out completely or not open it up at all. Opening out to a few government-funded hackers is probably the worst choice they could make.



