Maybe open-source software is today's standard, but I imagine it wasn't back when those airliners were first designed.
Now, imagine they did open-source their code: I imagine those codebases are humongous and it would take months if not years for security issues to be found by the community. How do you make sure that a bad actor doesn't find a flaw before the community does and uses it?
So open-sourcing sounds totally unrealistic to me.
I think that's the exact point the parent was making. They don't want it open-sourced, because they already can access it, and open-sourcing would only mean that good guys will have access to it too.
I don't think this is a realistic depiction of the threat model of people who would hack commercial jets. Sure, state sponsored APTs probably could access it if they wanted, but none of them are in the business of crashing passenger planes. Maybe tracking them or grounding them or stuff like that, but they already have those capabilities through economic or bureaucratic or military power. The "bad actors" of concern here are the same types that have brought down passenger planes before - small, independent groups or lone wolves. And they are the ones who would benefit from the code being open sourced.
The ones who would benefit from it being open sourced are the passengers and plots. Your excuse is mitigatiable, release it picewise, starting with the customer facing code to trusted outside groups.
Ultimately your argument applies to all life or death code, even code we put inside our bodies, which as you mentioned, is also highly specific and specalized.
Because the bar is higher there should be less review is a contradiction.
APT (often not a State) conversations are pointless where plausible deniability is ignored as a desirable property.
Open-source obviously doesn't imply security as it can be seen by security-critical open source software like openssl which repeatedly showed that it contained very critical bugs for a long time without anybody noticing it.
No one really would benefit from open sourcing it without being able to (security) test it in realistic scenarios. Obviously security researchers would profit in discovering bugs which may have no relevance in reality, to increase their fame.
Now, imagine they did open-source their code: I imagine those codebases are humongous and it would take months if not years for security issues to be found by the community. How do you make sure that a bad actor doesn't find a flaw before the community does and uses it?
So open-sourcing sounds totally unrealistic to me.