[justapassenger]

You only need a bug in a single line of code of your dependency to compromise the whole app. Most of the code doesn’t matter for security.

[pjmlp]

The usual argument that safer languages are needless, because bugs happen anyway, yet Apple is going Swift, and adopting hardware mitigations to fix these kind of issues.

[saagarjha]

Hardware mitigations which you can’t use?

[AlotOfReading]

I'm pretty sure they're talking about things like PAC, which are are definitely available to apps (and I think even required?).

[saagarjha]

Not for third party apps, the ABI is not stable yet.

[pjmlp]

Regardless of the actual usage surface, its need is seen as relevant enough for Apple management to release the necessary budget to spend in engineering to make it happen across the whole stack.