Backdoors have been part of software since the first security feature was implemented. So unless there is a process to detect backdoors they will inevitably be inserted into software. Requiring source code is a hurdle to detecting backdoors since it isn't typically available for off the shelf software or for many of the libraries developers link to. And what about your developer tool chain? Ken Thompson in "Reflections on Trusting Trust" showed your compiler can't be trusted. What about your linker, obfuscator or packer? To find backdoors in these scenarios you need to inspect the software executable binary.