Yes, but these days commercial OSes are seeing a hefty uptick in "first party malware," so to speak, making a third party audit attractive for reasons completely independent from technical integration.