[gitaarik]

How would you secretly hide something like that in FOSS? And why would that be easier? It's seems to me that it's easier to inject into an existing company than to do all the work yourself. This is what they do with most things as I understand.

[Lt_Riza_Hawkeye]

The heartbleed vulnerability was hidden in plain sight for the better part of a decade, no?

[gitaarik]

Yes, but that was a memory leak, giving access to unauthorized random memory. That is not an intentionally created exploit / backdoor which gives the owner easy access to the victim's system.