Ever since Grace Murray Hopper came across the very first computer bug, there has existed the potential for computers to perform operations which they were not intended to perform by the programmer (source). In its essence, source code auditing is the process of understanding a program better than the programmer who made it. That being said, the person looking for flaws in a program usually must have extensive knowledge of the programming language(s) used, intended system it is to be run on, and other conditions the program may have. Being about to identify programming techniques that are known to cause program malfunctions is all a hacker needs to take control of it. Source code auditors aim to identify these bad practices and once they find them, they can either disclose them to the developer or do whatever they want with them (hopefully nothing bad :C ).
Debugging and identifying flaws in a program is an essential skill for a developer, and it is also the very first step a cyber security researcher must take in order to pwn a system (as an aside, knowning hacker lingo and references will take you far in this field, so I would start watching those horrible 90s "hacker" movies :D).
Over the course of the next two weeks, we will dive into how we can identify flaws in a program and brainstorm possible attack vectors)