Comment by 0xDEAFBEAD
9 hours ago
Correct me if I'm wrong, but I think a better mental model would be something like: Take the union of all bugs found by all white hats, fix all of those, then check if any black hat has found sufficient unfixed bugs to construct an exploit chain?
The black hat has to find a handful of bugs. Sometimes one bug is enough.
How do you check this?
I meant in the sense that this algorithm will tell you if your software is vulnerable in the abstract. It's not a procedure you could actually follow.