A backdoor is a hidden, unauthorized access path in software or systems that bypasses normal authentication mechanisms. Backdoors can be deliberately planted (e.g., by an attacker or insider) or persist as leftover debugging functionality that was never removed before release.
In an ISMS context, ISO 27001 Annex A controls A.8.28 (Secure Software Development) and A.8.8 (Management of Technical Vulnerabilities) address the backdoor risk. Code reviews, static code analysis, and supply chain integrity checks (A.5.21) are effective countermeasures. Notable incidents such as the XZ Utils compromise (2024) demonstrate that even trusted open-source projects can be targeted. Monitoring for unusual network connections (A.8.16) can detect active backdoors in production.
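As an added illustration of the A.8.16-style monitoring mentioned above (example code written for this entry, not taken from any standard or product), the following script checks connection records against a per-process baseline of expected listening ports and outbound destinations and flags anything outside it. The record format, process names, hosts, and addresses are constructed for the example.

```python
"""Flag network connections that fall outside an expected per-process baseline.

Constructed example: connection records in the form
host,process,direction,remote_ip,port (direction is "listen" or "outbound")
are compared against an allowlist of what each process is expected to do.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress

# Constructed baseline: which processes may use the network, and how.
EXPECTED = {
    "sshd": {"listen": {22}, "outbound": set()},
    "app-server": {"listen": {8443}, "outbound": {("10.0.5.10", 5432)}},  # database
    "apt": {"listen": set(), "outbound": {("10.0.9.20", 443)}},            # package mirror
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed internal range


@dataclass(frozen=True)
class Conn:
    host: str
    process: str
    direction: str   # "listen" or "outbound"
    remote_ip: str   # empty for listening sockets
    port: int


def parse_line(line: str) -> Conn:
    host, proc, direction, rip, port = line.strip().split(",")
    return Conn(host, proc, direction, rip, int(port))


def is_suspicious(c: Conn) -> Optional[str]:
    """Return a reason string if the connection deviates from the baseline, else None."""
    profile = EXPECTED.get(c.process)
    if profile is None:
        return f"unknown process {c.process} using the network"
    if c.direction == "listen":
        if c.port not in profile["listen"]:
            return f"{c.process} listening on unexpected port {c.port}"
        return None
    if (c.remote_ip, c.port) in profile["outbound"]:
        return None
    ip = ipaddress.ip_address(c.remote_ip)
    if not any(ip in net for net in INTERNAL_NETS):
        return f"{c.process} outbound to external {c.remote_ip}:{c.port}"
    return f"{c.process} outbound to unlisted internal {c.remote_ip}:{c.port}"


def find_anomalies(lines: List[str]) -> List[Tuple[Conn, str]]:
    """Parse records and keep only those with a deviation reason."""
    return [(c, r) for c in map(parse_line, lines) if (r := is_suspicious(c))]


# Constructed sample: three expected records, then three deviations.
SAMPLE = """web01,sshd,listen,,22
web01,app-server,outbound,10.0.5.10,5432
web01,app-server,listen,,8443
web01,app-server,listen,,4444
web01,sshd,outbound,203.0.113.7,443
web01,cron-helper,outbound,198.51.100.9,8080""".splitlines()

if __name__ == "__main__":
    for conn, reason in find_anomalies(SAMPLE):
        print(f"{conn.host}: {reason}")
```

A real deployment would feed this from firewall or endpoint telemetry and keep the baseline under change control, since an unreviewed baseline update is itself a way to hide a backdoor's traffic.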