You know the best way to analyze a submission to the OCCC? Compile it, then run the result through a disassembler. You get back far more readable code than the source.
But you’re right; reading code isn’t easy; I meant relatively. If you have government-level resources and can hire a bunch of experienced software developers to review source code, armed with a bunch if static analysis tools (<cough>NSA), you have a decent chance of finding malicious code in software. I know of no similar tools (and the automated software analysis tools are the important factor) for finding backdoors in hardware.