It's not that SUSE can't find things; it's simply that they have an entire team that does nothing but security, and does security audits on code like OpenBSD does, so before it's released, it's already been tested. That's that.