There are processes to help, like code review, unit tests, automatic regression tests, manual ones, internal and public beta tests, etc. But sometimes a bug get through the mesh of the net all the way to @MacRumors.
I absolutely don’t think the last High Sierra bug is a backdoor or intentional (responding to some comments on my previous tweet). It is just a mistake illustrating the complexity of maintaining such a huge software code base. Anytime you change anything you may introduce bugs.
Seriously, the quality of macOS High Sierra is a shame. I really don’t understand how that root login without a password story could happen. Especially when you consider all the good security engineering around (SEP, code signing, sandbox, entitlements). I feel sad.