But I do think it's worthwhile to take measure of how important a particular piece of software is to our collective security and privacy. It's not necessarily a bad thing for interested parties to not completely trust their systems. Risk mitigation is all about quantifying probable events relative to their damage.
I think a lot of people will take a look at the IPSEC code and that can't be a bad thing.
Backdoors need not be literal. A well-misplaced if will go a long way in leaking a key information. Hardly a "backdoor" in a more common sense of the word, but an exploitable weakness nonetheless.
It just seems odd to me that a seemingly well respected engineer would fabricate allegations using his corporate e-mail (VMWare). We should remember it was not he who posted them publicly.
I'm not saying it's true but only that I don't see any more evidence that it isn't true than that it is - yet.
