The issue of coders purposely adding time bombs and backdoors to their code has been a potential problem for almost as long as programs have been written. One of my favorite historical exploits is the one described by Ken Thompson about a modified version of the Unix C compiler.
A programmer's motives for embedding such exploits in their own code can range from seeking revenge for a real or imagined slight, to retaining access to a resource, to simply seeing whether it can be done, and of course, to stealing money, typically from applications that handle money.
But Bruce Schneier, in his recent blog posting "The Vulnerabilities Market and the Future of Security", describes an emerging way for unscrupulous coders to monetize vulnerabilities purposely baked right into the code, or, at the very least, to profit by not reporting the vulnerabilities they discover to their employer.