> "And this includes shipping a large testing base btw."

And that code is indeed available. The code which is used to test Xen is available and the code which is used to test XenServer is available. Of course there are other testing code bases from other vendors that use Xen which are not. Unfortunately, you will need a rather large HW installation with many different machine types to set it up.

However, I did want to point out that traditional unit and functional testing does not normally pick up security issues. To do this, you do need to run fuzzing and other tools designed to find security issues. And in fact such tools are run regularly on the Xen codebase. But understandably, such code cannot be published without giving blackhats the tools to run them themselves.

> You still need to recruit enough eyes and make what the code does visible in the first place.

I guess that's an argument for open source?

