
That's not what I was intending to describe. I was suggesting that insiders have inside information and sometimes that is relevant to attacking companies, such that hiring those insiders could be useful to them.

And definitely not hoping that reverse engineers won't notice, I've been in security long enough to see all my pronouncements of "you know someone could do x" and more come true...



I'm not sure that you've clarified anything with this comment. "Insider knowledge of information relevant to attacking software" is "insider knowledge of product flaws". Flaws need to be fixed, not concealed.


Institutional knowledge is about process as well as the software. Knowing the magic words and people can make social engineering or avoiding countermeasures much easier, even in the absence of an explicit software flaw.


Now we're playing Six Degrees of Kevin Bacon. We start out with moles inserting vulnerabilities. Then it's insiders who know about flaws. Then insiders who know about weak spots to look for flaws in. Now it's magic words to help with social engineering. At some point, these stop being important considerations for public policy.



