Here’s the context: I love and prefer to use open-source software whenever possible. However, a lot of times, it’s simply not practical when there’s plug-and-play software out there with amazing UX compared to the, unfortunately, shitty UX of a lot of open-source software.

As a concrete example: I’m a user of the macOS software “Little Snitch” and I feel like, at this point, I can no longer live without the functionality that it provides; it’s one of the quite few pieces of software that I’ve actually “happily” paid $ for. However, ever since the first day I started using the thing — years ago — I’ve constantly felt this very, very, very deeply uncomfortable feeling inside literally giving kernel-level access/authorization to this closed-source piece of software. This is something that I feel like a lot of folks don’t think about hard enough. (Side note: This is partially why I’m of the opinion that software engineers should, at least once in their career, write some low-level systems code — especially kernel code; the perspective that you gain is priceless.)

I’ve been wondering: Why isn’t there a group of security researchers who focus *solely* on reverse engineering closed-source software as new versions come out? I’d absolutely be willing to pay a subscription fee for a service like this! Maybe something like this already exists, but none of my searches have returned any legit results. E.g., if I could have a simple tool that would basically tell me that it’s okay to install this version of Little Snitch (I mean version here as in an actual hash of the binary or .app file/directory), because this specific group of reputable security researchers — with their careers on the line — have reverse engineered it and found nothing fishy going on, I’d be happy to pay probably even $50/month for a service like this.

Does this exist? If not, who’s going to start it and where do I sign up?!?