On Sun, Jun 06, 2021 at 07:16:00AM +0200, Greg KH wrote: > On Sat, Jun 05, 2021 at 11:12:49AM -0700, SyzScope wrote: > > Hi Greg, <...> > > Perhaps we misunderstood the problem of syzbot-generated bugs. Our > > understanding is that if a syzbot-generated bug is exploited in the wild > > and/or the exploit code is made publicly available somehow, then the bug > > will be fixed in a prioritized fashion. If our understanding is correct, > > wouldn't it be nice if we, as good guys, can figure out which bugs are > > security-critical and patch them before the bad guys exploit them. > > The "problem" is that no one seems willing to provide the resources to > fix the issues being found as quickly as they are being found. It > usually takes an exponentially longer amount of time for a fix than to > find the problem. And this is even an easy case, the more complex and common situation where repro is not available or it doesn't reproduce locally, because it is race. Thanks
