Until they research directly the machine code, because backdoors would be injected using our dear open source compilers which are obfuscated by complexity and size. For instance the C/kernel-C/rust/c++/D/F/go/javavm/python/perl/php/etc code would not have any "convenient bugs" but the generated (interpreter) machine code would.<p>Actually, I would not bother, because it is insane, and I would start to re-write a significant part of everything in assembly with a conservative usage of a pre-processor. Hopefully risc-v will become the de-facto standard since there is no toxic IP (Intellectual Property) tied to it... well... this is an issue only in countries where such toxic IP (Intellectual Property) has a legal value, but nobody can ignore reasonably those barbaric countries... (similar issue with MGPEG-LA/HDMI/etc).