Not even that -- there are tech firms that have teams that span multiple geographic boundaries and spoken languages, and they have varying degrees of opsec (from none to excellent, with your typical bell curve).
These firms receive contracts from Fortune 500 companies that have no interest in hiring/maintaining technical staff but have a need for apps that reach their userbase (which numbers from hundreds of thousands to several millions across various jurisdictions).
The world of software development is growing and there are cracks appearing everywhere, a malicious individual should have no trouble accruing a healthy collection of exploitable code across various tech stacks (be it Android, iOS, server-side, or otherwise).
Proper opsec is expensive and many companies don't even bother (or are completely unaware that they could be in trouble), and that's not even touching on designing secure systems. A malicious individual could hold code for several months before deploying an exploit that reaches end-users.
Hunting sysadmins is most definitely a serious problem, but so is outsourcing.
>The world of software development is growing and there are cracks appearing everywhere, a malicious individual should have no trouble accruing a healthy collection of exploitable code across various tech stacks (be it Android, iOS, server-side, or otherwise).
Even more reason to enforce a compliance program (e.g. ISO 27001) to clean your systems and your code.
In fact, you're talking about growing cracks appearing everywhere, and when I look at your code right now, I see even you don't follow secure coding practices for Software Development. Not using the Pull Request Model? Just pushing commits directly into master? These (and more) are all bad security processes that I've identified in your GitHub account.