If you want to help improve the security of OS software through the magic of memory safe languages, the team that did this work is hiring: https://jobs.apple.com/en-us/search?search=Spear&sort=releva...
Knowledge of Swift not required. If you know your way around OS software, can reason about the security of the code you write, and are excited about writing exhaustively tested software, we’d love to talk to you.
We’re hiring for roles in kernel/systems and userspace. Like the Platforms SOTU mentioned, we’re using Swift at all layers of the software stack now. https://www.youtube.com/live/yl2jsIoMfDU
I had the pleasure of leading the effort to ship Swift in the Secure Enclave back in 2022. Now I have multiple teams working on accelerating the transition to memory safe languages. We’re showing that with good planning and a relentless focus on testing, we can improve security, performance, and functionality. And we get to have a ton of fun working with some amazing colleagues. It’s the most enjoyable and impactful work I’ve ever done in my career.
Great to see this happening. Personally I want an OS where everything is memory-safe by default.
Of course in an alternate universe where macOS (and iOS etc.) was based on Multics rather than Unix, it would have had essentially zero buffer overflows - which are hard to create in PL/I but hard to avoid in C. Even Apple's Pascal compilers from the 1980s had range checking...
But legacy C code can/should absolutely use things like clang's -fbounds-safety (has been in clang on macOS for years) etc. Fil-C is another option.
How do I apply? Historically jobs.apple.com is a black hole unless you know people.
Apple (like most large tech companies) is indeed a resumé black hole, and knowing people helps, so definitely network if possible. However, applying to the right position, with a good resumé that highlights experience/skills/projects/open source contributions/education/etc. that are directly related to the position, also matters. I am aware of several people who simply applied online and got interviews.
I may be wrong about this, but I don't think Apple bans you from applying to multiple positions within the same year the way some companies do.
There also seems to be a decent pipeline for new graduates (though I think highlighting relevant academic, research, and open source projects can still help.) Internships can also be a path if you are currently in school.
I don't know if Apple recruits on linkedin, but that might also be an option.
Of course connecting right here on HN seems like a great idea as well.
Any resources you'd recommend for learning about reasoning about the security of code?
For low-level system security, I'm a fan of https://llsoftsec.github.io/llsoftsecbook/LLSoftSecBook.pdf as an overview for any systems developer, not just compiler devs. It might not be the most approachable, but it's got great info on everything memory corruption.
On-site only?