WebKit is not open source?

Sure there are closed source parts of Safari, but I'd guess at least 90% of safari attack surface is in WebKit and it's parts.

In many cases, the difference between a bug and an attack vector lies in the closed source areas.

This is going to be the case automating attack detection against most programs where a portion is obscured.

	▲	rs_rs_rs_rs_rs 14 hours ago \| parent \| next [-]
		>In many cases, the difference between a bug and an attack vector lies in the closed source areas. You say many cases, let's see some examples in Safari.
	▲	dwaite 14 hours ago \| parent \| prev [-]
		However, Firefox also needs to use the closed source OS when running on Windows or macOS. There are also WebKit-based Linux browsers, which obviously do not use closed-source OS interfaces. My pessimistic guess on reasoning is that they suspected Firefox to have more tech debt.