Re: Compared to this... @STB
You've missed the point - but to be fair, so did the OP.
Finding exploits doesn't require the source code, but fixing exploits does.
It's also much easier to fix an exploit than to find one. Eg a use-after-free
Once an exploit is found, there are two scenarios:
A) Closed-source software. Only the organisation that owns the software can choose to spend the resources to fix it.
B) Open-source software. Any entity can choose to spend the resources needed to fix it.
If you depend on that software, then under (A) you can request that the owner fixes it. If they do not, then you can either stop using the software or live with the consequences of the exploit.
Under (B), you can request that the organisation that made it fixes it. If they do not, then you can arrange for somebody else to fix it.
Under (A), if the entity that owns it has lost the source code or closed down, you are done for.