I don’t think your feasible alternative is assessing the massively skewed information asymmetry at play.
Given you are the most successful computer company on the planet, and the entire planet is connected by your products within two degrees of separation in a network; then the only thing you gain is a loss as any auditor is in a position of being unmatched in every category at best and at worst is an active agent who will dissipate information increasing vulnerability and attack surface.
Bug bounties work well to solve this, and that’s how it’s done.
Given you are the most successful computer company on the planet, and the entire planet is connected by your products within two degrees of separation in a network; then the only thing you gain is a loss as any auditor is in a position of being unmatched in every category at best and at worst is an active agent who will dissipate information increasing vulnerability and attack surface.
Bug bounties work well to solve this, and that’s how it’s done.