by ngneer 909 days ago
We used to use this as a cautionary tale in the CS department security course at the Technion. First, to highlight trust relationships in the "supply chain" (as the notion is now known in contemporary usage). Second, to pose the question of whether open source is inherently more trustworthy.

I guess you could argue that more [evil] people would try to backdoor the Linux kernel than there are [malicious] people inside private companies, but the level of trust inside a private company is probably much higher? Seems complex.
You hit the nail on the head. It is a complex question without a straightforward answer.