A backdoor is very distinct from a vanilla vulnerability. Heartbleed was a vulnerability, meaning the devs made a mistake in the code, introducing a method of attack. XZ was backdoored, meaning a malicious actor intentionally introduced a method by which he could exploit systems.
Both are pretty serious vulnerabilities, but a backdoor, especially introduced so high in the supply chain, would have been devastating had it not been caught so early.