> Firefox was not selected at random. It was chosen because it is a widely deployed and deeply scrutinized open source project — an ideal proving ground for a new class of defensive tools.
What I was thinking was, "Chromium team is definitely not going to collaborate with us because they have Gemini, while Safari belongs to a company that operates in a notoriously secretive way when it comes to product development."
I would have started with Firefox, too. It is every bit as complex at Chromium, but as a project it has far fewer resources.
its just a different attack surface for safari they would need to blackbox attack the browser which is much harder than what they did her
What? The js engine in Safari is open source, they can put Claude to work on it any time they want.
Here's a rough break down, formatted best I can for HN:
There's much more to a browser than JS engine.
They picked to most open-source one.
WebKit is not open source?
Sure there are closed source parts of Safari, but I'd guess at least 90% of safari attack surface is in WebKit and it's parts.
In many cases, the difference between a bug and an attack vector lies in the closed source areas.
This is going to be the case automating attack detection against most programs where a portion is obscured.
>In many cases, the difference between a bug and an attack vector lies in the closed source areas.
You say many cases, let's see some examples in Safari.
However, Firefox also needs to use the closed source OS when running on Windows or macOS.
There are also WebKit-based Linux browsers, which obviously do not use closed-source OS interfaces.
My pessimistic guess on reasoning is that they suspected Firefox to have more tech debt.
Apple is not the kind of company that typically does these things, even if the entire Safari is open source.