Re: zero-day vulnerabilities that Hacking Team thought it had all to itself
Usually people are more interested in writing new code (because of commercial reasons, or even personal achievements) than reviewing old code, unless someone explicitly asks and provides resources for that. Even in open source code we saw big bugs undetected for years; most programmers prefer to write new code, and not read old code, unless they're forced to.
Especially flawed logic may be difficult to spot because it requires a deep knowledge of what the code attempts, and then verifying it does it in the correct way.
Writing secure code needs two efforts: learn how to write it from the start, and then have reviews to spot and fix whatever escapes, and then go back to teach how to avoid those mistakes. Unluckily, for years writing new code quickly, often using languages and libraries with very little built-in security in the hands of barely skilled developers, led to a big backlog of issues that only now are being tackled.
IMHO, it's more an issue of bad coding than deliberate placement of backdoors.