Let’s assume the CEO wants to put a backdoor in the 1million+ lines of code.
He then has to consult with the CTO about which area can be more suitable for this.
The CTO then has to call the team leader of that particular portion and ask him to commit new
changes. The team leader will ask the developer who wrote the portion of the code around this
area to push commits.
That’s roughly how such processes are done in pretty much every 10+ employees startup to 10k employees
mega corporations, although the bigger it is the harder it gets to keep it in secret.
The implications of such things will be huge once it’s leaked, since it will create a mass scandal and distrust
from all the user base, and can potentially bankrupt the brand. No CEO will attempt it, at least not in democratic
countries where the majority of business software originates from.
There are allegations about Huawei doing malicious things in both software and hardware,
but in China the laws are different and so is the mindset of corporations.
Look how badly it affected the brand, nobody wants to use them in the government sector, in 5G deployments,
etc. And that is only because of an allegation.