
Just because you have access to the entire source code of the Linux kernel, doesn't mean you'll be able to find all the bugs in it. Sometimes the numbers may add up but it is the patterns which may be suspicious. Automation like sanity checks/pattern matching etc. (+ ML nowadays) would help a great deal but even then it is not a guarantee.



Bad analogy. Auditors have conflicts of interest and risk losing clients if they keep asking too many 'wrong' questions. Reputable ones will refuse to sign the final audit. Less reputable ones will even help clients cook the books.

It's more akin to you being denied Linux maintainer privilege if you keep finding bugs and annoy Linus in the forum. Which is hardly the case (heh).


OP asked how auditors couldn’t pick up on everything. The question assumed good intent. It’s a fine analogy.



