Internal Party WORSE than hacked from outside
One significant part of Fortinet's statement was the assertion that this didn’t come from an external party. Ever since the Juniper backdooring security vendors have been at pains to avoid any suggestion that they are allowing intelligence agencies access to their products.
I'm not so sure Fortinet should be PROUD of the fact that THEIR OWN ENGINEERS thought this was a GOOD IDEA and put it into the code. In some ways it is better that an outside hacker got in to do the deed.