underlap, Given the news of the xz backdoor, may I recommend this seminal paper from Ken Thompson's 1984 Turing Award lecture showing how a compiler with no backdoors in the source code can nevertheless propagate a backdoor.
Reflections on trusting trust | the morning paper
https://blog.acolyer.org/2016/09/09/reflections-on-trusting-trust/