Besides the usual ones, I've had to use IDA Pro occasionally for compatibility purposes in my job as a NAS vendor.

There are lots of apps that make lots of assumptions about how filesystems behave, generally based on the local filesystem and maybe on one popular networked filesystem for the platform (NFS, SMB, AFP).

If one of those assumptions is violated, applications can crash or refuse to interact with you. Some just refuse to write to any networked filesystem. Some run only on whitelisted filesystems. Some will hit an error due to an unsupported operation on your filesystem, fall back to some ancient code path using long-since deprecated Carbon APIs that only work properly on 32 bit systems, and so truncate all of your data to 2 GB.

Problems like the latter are really helped by being able to do some reverse engineering of the application to figure out why the heck it just writes out the first 2 GB of the file.

Because this isn't our bread and butter but only an occasional tool in our toolbox, the licensing on IDA Pro can be rather frustrating. We use it only once every couple of years to debug some kind of compatibility issue like this, and so we usually have to dig around to figure out if we still have valid licenses, deactivate systems that we're no longer using, and so on.

Malware analysis and vulnerability research.

Would you mind answering some questions if you're familiar with the area (edit: hah, just noticed you posted to the OP to this whole thread.); What are some examples of firms that are involved in this work? Is it mostly a collection of smaller shops/individual contractors? After a cursory search, I seem to be seeing a lot of groups/labs comprised of relatively few people. Why are there so many references to high bill rates in these comments, is the pay especially notorious? That's something I haven't heard before.

My office is in the same building as BitDefender. I casually talked to some of the guys and they do use IDA Pro in their malware research department.

They mostly hire their researchers straight out of college if they have high C proficiency and train them internally to use IDA Pro.

I know my comment isn't exactly what you asked, but I hope it clears some light.

> My office is in the same building as BitDefender. (...) They mostly hire their researchers straight out of college if they have high C proficiency

Also partially OT, just wanted to say that I was a sort of college-roommate with one of their present-day senior security researchers in the early 2000s and to this day I remember that person as one of the most code-obsessed persons I have ever met, and I say that in a good way.

He was looking at almost every program running on our room's computer (yes, we only had one computer in our room of 4 or 5, no laptops) as a thing to be "broken apart"/analyzed/made sense of, he had a state of mind and a way of looking at things when it came to computers that I've never met since then at any other computer programmers (I've mostly met desktop, backend and front-end programmers, I'm a data-obsessed person myself). I realized in the meantime that in order to enter this "computer security" field and especially in order to be good at it you need to have a different set of skills and especially a different way of looking at things compared to other computer programmers.

So he is basically Stallman's hacker.