There is a huge gap between the shining examples and actual use cases: What is the false positive rate? How to judge a false positive?
If you need 1000 runs that cost 20000 USD to find a vulnerability, and you need 2000 USD to generate an exploit (which makes it self-verifiable to be not a false positive), then your cost is not 22000 USD but 1000x2000+2000 which is 2 million USD: you have to try generating an exploit for every trial before you know it is true, or you need to hire one (or several) senior security people to audit every single one of them.
A broken clock being correct twice a day is not impressive.
Yet the PoC exploit itself takes $2000 and one day. I don't know how the math works; maybe there is some extremely clever way to figure out which runs are not worth attempting an exploit for.
If you ever try to write an email client, you will immediately realize how difficult, if not impossible, it is to fix all the bugs for an email client. It is a multi-different-protocol-version-async-client-handling-same-database-with-thousands-of-race-condition backwards compatibility nightmare.
Writing an email client that supports just up-to-date protocols and assumes it is the single client that will operate that account is trivial; writing one that covers all corner cases is a totally different story.
I don't know about the rest, but surely the race conditions are the fault of whoever designed the concurrency part. An email client does not inherently have race conditions.
OK? Sure would be nice to hear why having a second email client talk to the remote server introduces race conditions on the local client (EDIT: that is, race conditions that are the local client's responsibility).
Sure, then governments are also just people. How about we restore Monarchy now so someone can actually be held responsible? Also we should completely abandon Nulla poena sine lege since evidently the imbalanced power does not exist between people and also people (government).