If the software does not contain an exploitable bug, I desire to believe that I haven’t found any exploitable bugs in it yet, And I had better keep looking.
This part seems like a mistake. If this component actually does not contain an exploitable bug, my time would be better spent looking for exploitable bugs in other components. Otherwise I can never audit the whole code base.
This part seems like a mistake. If this component actually does not contain an exploitable bug, my time would be better spent looking for exploitable bugs in other components. Otherwise I can never audit the whole code base.
Yes. Also, if there is no exploitable bug, then I would want to believe that, not merely that I haven’t found any yet.