As a security engineer at Apple, I had several productive years collaborating with the Developer Technologies group to build security tooling around LLVM and the Clang Static Analyzer.

In 2015, we worked together on bringing Google's Address Sanitizer to Apple platforms, the first of several code instrumentation features added to Xcode to help developers eliminate bugs.

Shortly before I left Apple, I was invited by two of my terrific colleagues, Anna Zaks and Fred Riss, to share the stage at Apple's Worldwide Developer Conference to talk about undefined behavior, its role in security vulnerabilities like 2014's Heartbleed bug, and the new Undefined Behavior Sanitizer.

The talk is now unlisted but is still available here: Understanding Undefined Behavior