I'll dupe my reply to this dupe, but only because I have a clue of what I'm talking about.
I work for a medical device manufacturer. We don't make a life-essential device, but all the laws apply to us as well as the manufacturers that make critical devices. The FDA already has the power to examine a manufacturer's source code. When they come in to perform an inspection, the inspectors have the same powers as federal marshals. They can look at anything - just time and resources are the limiting factors. When a device is submitted for FDA clearance, there is a lot of software documentation that has to be included in the application. Our software section is one of the thicker sections in an application. Depending on the level of concern of the device, a manufacturer has to submit all test results, software detailed design, etc. The stuff we have to do during development here is incredible and we're a minor level of concern.
Regulation requires that all designs be periodically, formally reviewed. It requires that the review includes an independent reviewer and that reviewers are just as technically competent as (if not more than) the designer. The FDA may not have the resources to review every line of code, but they do have the resources to look at the documentation from the reviews and to look at the documentation listing the qualifications of the reviewers.
Manufacturers are required to conduct risk assessments for their devices and identify any/all reasonably foreseeable hazards and to mitigate those hazards until they are as low as reasonably practicable or the clinical benefit to the patient outweighs the risk. The risk assessment must be conducted by clinical and technical experts. Each mitigation (or fix or change to a line of code) has to be re-evaluated for risk and possible repercussions to the rest of the device. Testing is also quite rigorous and safety and reliability are the top priorities. Our testing takes months. Changes that affect safety may have to be tested in expensive clinical trials on human subjects and the results resubmitted to the FDA for clearance.
Perhaps by having the public look at source code there will be some bugs found. But I'm sure that the bug has already been considered as part of the manufacturer's risk assessment, and any fixes for that bug will not be fast in coming considering the heavyweight nature of the development process.