I want to say that all this backdoor incident (s, not the first and certainly not the last) only shows how well the FOSS model works. Not only for catching it promptly before it even was released, but these attacks which require a good amount of skill and time, and therefore probably money, demonstrate that some bad actors are fearful of FOSS.
Also I want to point that voluntary FOSS contributors are not exploited even if some big corp uses their software without paying anything, as long as they respect the freedoms they have to give to their users. Also many (maybe most idrk) contributions to FOSS aren't made by volunteers, but through foundations/donations models paid professionals or companies putting developer time to them (I suspect this could be the case here with the guy from Microsoft that caught it).