Q: If one has two FW dunps, how to best compare the static areas of the two to see if a bit has flipped by comparing the dumps?
I'm not aware of anyone having mapped this out in detail. See also "essentially unlimited list of things that would be interesting to investigate"
One approach would be to compare dumps from multiple, known working examples of the same model, or the same camera over time. Note that aside from stuff that changes routinely (like settings and crash logs) there's camera specific calibration data that isn't expected to change of the life of the camera, and cannot be easily re-created without Canon's calibration tools.
In general, the writable regions would be expected to be aligned some relatively large size (erase block size or larger), and runs of 0xff would be expected in unused space in between. So you should be able to do a fair job of identifying regions of interest with just a diff capable hex editor.
Another approach would be to to attempt to specifically identify the parts change from reverse engineer. Many of these like the romlog, adjustment table and flash params could likely be added to the sig finders without huge effort. This would be useful for other reasons, and could be scaled to cover the whole suite of cameras.
A third approach would be just worry about the known constant parts, i.e. the main firmware code and the data immediately after it. How to identify this varies by camera generation.