
Comment by asdewqqwer

15 hours ago

There is a huge gap between the shining examples and the actual use case: What is the false positive rate? How do you judge false positives?

If you need 1000 runs that cost 20000 USD to find a vulnerability, and you need 2000 USD to generate an exploit (which makes it self-verifiable to be not a false positive), then your cost is not 22000 USD but 1000x2000+2000, which is 2 million USD: you have to try generating an exploit for every trial before you know it is true, or you need to hire one (or several) senior security people to audit every single one of them.

A broken clock being correct twice a day is not impressive.

My impression from the article is that it took $20,000 to perform all 1,000 runs.

  • yet the PoC exploit itself takes $2000 and one day; I don't know how the math works, maybe there is some extremely clever way to figure out which runs are not worth attempting an exploit for.