Martin Minow wrote:
Frank O'Dwyer <fod@brd.ie> opines:
Yes it does, but not quite in the same way. For example, I believe that in days of yore some attackers managed to insert a back door into some DEC OS by breaking into the coding environment (I don't recall the details, does anyone else?).
<http://www.acm.org/classics/sep95/> describes how the inventors of Unix inserted a backdoor into the Unix login program. It's well worth reading. However, there is no indication that this trojan horse ever shipped to customers.
No, that is a different incident. These were external attackers who managed to patch the source, and as far as I know it did ship. Could be an urban myth I guess, but it's clearly a plausible attack.
So in other words, not only _could_ this happen with non-OSS, it _has_ happened, and no doubt it happens reasonably often.
I doubt it.
OK, "reasonably often" is overstating it, perhaps :)
Cheers,
Frank O'Dwyer.