MS shares information with intelligence agencies and usually before MS has even delivered a patch.
On top of it, when we analyze government malware, we don't see some weird calls to rand_s. We just see a few zero-days, exploits for known issues, or just plain-jane trojans.
Why compromise rand_s, which could help our enemies and cause a public outcry, when you're sitting on a mountain of zero days?
Also, windows is not closed source. MS shares source with governments, universities, etc. I think functions like rand_s are well understood and there has never been an MS backdoor for the government.
On top of it, when we analyze government malware, we don't see some weird calls to rand_s. We just see a few zero-days, exploits for known issues, or just plain-jane trojans.
Why compromise rand_s, which could help our enemies and cause a public outcry, when you're sitting on a mountain of zero days?
Also, windows is not closed source. MS shares source with governments, universities, etc. I think functions like rand_s are well understood and there has never been an MS backdoor for the government.