And paid six figures for outside help. The FBI's approach "was not tailored for Tails" - surely if they had any approach that would work they would use it.
If the government couldn't break in to Tails and required the outside help of two well-resourced organisations to find (and burn) a single exploit then overall that seems a pretty good endorsement of the security of a volunteer open-source project.
Thats 100k for Facebook. They have the ability to find these white- or black-hat folks, and pay them. For you, random dude or dudette on the street, that might be a little more expensive.
I would assume a huge, IT-focused org like FB already has 3-4 high-end security orgs doing pen-testing and digging for zero-days in their code; they just poured a little sugar on top of an existing contract to help squash this one online predator douche.
If the government couldn't break in to Tails and required the outside help of two well-resourced organisations to find (and burn) a single exploit then overall that seems a pretty good endorsement of the security of a volunteer open-source project.