There are many auditors who will do a good and fair job.
This is especially true if the audit is not intended to be publicly shared, but rather for the internal consumption of the company in question.
I'd still say an audit where the reviewers are skilled professionals, but biased by the source of income, is better than the average open source project where few people will do such a thorough audit ever; likely none after the original author, excepting special cases like Linux.
There are many auditors who will do a good and fair job.
This is especially true if the audit is not intended to be publicly shared, but rather for the internal consumption of the company in question.
I'd still say an audit where the reviewers are skilled professionals, but biased by the source of income, is better than the average open source project where few people will do such a thorough audit ever; likely none after the original author, excepting special cases like Linux.