Only if the backdoor is obvious. I doubt they would introduce a backdoor that reads
`if ($PWD = "supersecretbackdoorpwd") loginAs("root");`
But a subtle buffer overrun resulting in a 0day that's only obvious to the writers - that's much more likely.
Check out the Underhanded C contest for examples of ways exploits can hide in plain sight.
EDIT: I'm not saying that's what's going to happen with Alibaba & MariaDB. I'm just saying that "open source" != "free of exploits and backdoors". One of the biggest untruths about open source is that, with enough eyeballs, all bugs are shallow.