on that last … it depends on what level of the code you are trying to audit your software at …
if you are trying to see the code of the higher levels on closed hardware you might be able to get some BASIC auditing going (if you use GNU+Linux) but with the lower levels being not-free-software (i.e. not even open-source - firmware, IME, the micro-architecture of the CPU, etc.) you are hitting a dead end …
still there is hope that those lower levels might NOT get exploited if you aren’t a high enough target
even then there remains the question of hardware longevity … if the lower levels of the code come with a “time-bomb” from the manufacturer you will find out that after a certain amount of predetermined time “your” device suddenly dies or has some other pain-in-the-ass problem that will render it unusable enough for you to “want” to get a new one 
