We ensure that we do audits on the organizations that provide source code to us. We certainly have access to some of the source code. We build some source code. Where we don't have access to the source code, we go through a rigorous risk assessment process with the company that provides it to us.
On April 8th, 2019. See this statement in context.