
"Are the programmers at NSO group just the best in the world?"

The parent comment seems to imply that someone who can find programmer mistakes is a better programmer than one who actually writes software for the public. If that's true, then wouldn't it be reasonable to prefer to use messaging software written by NSO instead of Apple? Why don't "security researchers" write the software we use instead of "software engineers"?^1 Which group would be more likely to have "the best programmers in the world", who would be the least likely to make mistakes? Honest question. I'm not trolling. I think about this question all the time.

1. Some of the programs I use and rely on every day, even more than something like "iMessage", were written by people who claim to work in "security" or "research" (or even teaching math to university students), not "engineering". I have no complaints about these programs. Yet I have plenty of complaints about the software foisted upon us by Big Tech.




It’s just a matter of the two groups having different skills. One group writes for the general case while the other specialises in corner cases.

The latter looks really impressive when it’s done well, but it’d be silly to expect someone with deep security knowledge to sit down and build a spreadsheet manager from scratch. The two skill sets are just different. There is no “best”.


The hard part is not necessarily finding the programming mistake so much as figuring out a way to reliably exploit it. Back in the day, before ASLR and other mitigations, it was really straightforward, but modern OSs have much more sophisticated countermeasures to prevent buffer overflows and use-after-free bugs from enabling RCE.


"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it."


Engineers need to write 1k lines of perfect code all the while being chased by their bosses to finish fast.

Hackers need to find just one mistake out of 1k lines of code.



