> How hard would it be for most programmers to put in a backdoor they could later claim was a bug?
My guess is that is actually pretty fricking hard, as otherwise it'd be happening all the time. I.e. you can maybe make a backdoor to something without monetary consequences (even in a bank most systems don't handle money), but introducing a backdoor to the core system (i.e. a money-dealing one) in such a way that it is not noticed in code reviews or testing AND you can claim plausible deniability seems hard.
My guess is that is actually pretty fricking hard, as otherwise it'd be happening all the time. I.e. you can maybe make a backdoor to something without monetary consequences (even in a bank most systems don't handle money), but introducing a backdoor to the core system (i.e. a money-dealing one) in such a way that it is not noticed in code reviews or testing AND you can claim plausible deniability seems hard.