I doubt anyone will argue that it’s easier to find exploits in closed-source code, but it’s really not that much more difficult. Like, maybe an order of magnitude harder at most. To a nation-state, does it really matter that a zero day chain costs $100,000 rather than $1,000,000?
