Malicious xz backdoor reveals fragility of open source

The discovery last week of a backdoor in xz, a widely used open source compression library, could have been a security disaster had it not been caught by luck and a Microsoft engineer's atypical curiosity about latency. Yet the fortunate find has led industry observers to conclude that not much will change to prevent this threat scenario from recurring, and that similar, ongoing efforts to compromise software infrastructure may have been missed.

Source: The Register
