You can audit binary code with tools like Ghidra and IDA Pro. It takes a differe... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		itsokimbatman on Sept 8, 2023 \| parent \| context \| favorite \| on: NSO group iPhone zero-click, zero-day exploit capt... You can audit binary code with tools like Ghidra and IDA Pro. It takes a different mindset to find these type of bugs than it takes to develop software. I won't quite say they're orthogonal skill sets, but pretty close. If the people finding these bugs don't want to work for Apple, Google Project Zero, etc. there's not really much Apple can do about it.

beagle3 on Sept 8, 2023 [–]

It’s not orthogonal, it’s complementary.

Programming mindset is about making sure what’s in the spec works.

Security mindset is about making sure that what isn’t in the spec doesn’t work.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact