Re: I guess this would have shown up with a cursory glance at the code?
Juniper's advisory says:

"During an internal code review, two security issues were identified."

So, more than a cursory glance, and that is in fact how it was found. The CIO said that the code review identified "unauthorized" code. Whether or not Juniper will share with us how that backdoor got into their code repository remains to be seen; it's interesting that it seems to have been 'camouflaged' to look like a printf() command. That's not what you'd expect from some developer putting in a time-saving routine during development and then forgetting to remove it before release; it looks like something that was designed to stay under the radar in released software.