itsokimbatman | 2 years ago

You can audit binary code with tools like Ghidra and IDA Pro.

It takes a different mindset to find these types of bugs than it takes to develop software. I won't quite say they're orthogonal skill sets, but pretty close.

If the people finding these bugs don't want to work for Apple, Google Project Zero, etc. there's not really much Apple can do about it.

beagle3 | 2 years ago

It’s not orthogonal, it’s complementary.

Programming mindset is about making sure what’s in the spec works.

Security mindset is about making sure that what isn’t in the spec doesn’t work.