The United States also has laws against tampering with computer systems without authorization. And yet, someone attempted to insert a conduit for exactly that purpose into liblzma via xz-utils.

It is unconscionably naive to think that the presence of law has any bearing on the actions of nation-states engaged in sabotage and espionage. And, even if it did, it would be ridiculous to think that countries - who routinely embed intelligence assets within each other using plans on five to ten year time scales - wouldn't be doing the same to major corporations.

I never said that Microsoft was evil. I certain think it is a waste, and generally results in a product which is at its heart inferior in terms of the overall quality-per-dollar.

As for Andres Freund? It is true that he is a Microsoft employee. And that his work had little to do with xz-utils in a direct, professional capacity. He stumbled upon this backdoor mostly through a combination of being in the right place at the right time and intuitive experience which probably deserves some kind of medal. He investigated on his own initiative as a result of personal curiosity. His discovery of this backdoor is only tangential at best to his employment at Microsoft.