Re: Given that 15+ year old bugs have recently been found in some much used Open Source has
You don't need to have everyone read the code, only a few people. There will always be enough people looking at the open source parts of Android, simply due to its importance. That doesn't guarantee they find all security issues of course, but it guarantees Google can't hide anything nasty within it. It is open source software with much smaller userbases that are more of a problem, because there may not be anyone motivated to examine the code.