Why am I writing this?

Received a really interesting question in my DMs. Want to answer it publicly. I would say that's a really good question; it makes me feel happy that people are willing to analyze

Is it realistic to expect a bug in 100 hrs?

Compare this with an example:

You have a huge pile of sand and there's a dollar that you lost somewhere in there. You gave yourself 1 hr to find that dollar from that extremely huge pile of sand.

Do you think it's possible to find that dollar in an hour? Probably yes, if you are looking for that dollar in a place where it's likely to exist.

But is it really realistic to expect to find that dollar in an hour?

Most likely no. Why? Coz you don't know where that dollar will be; it's mostly luck if you started searching where the likelihood of finding that dollar was a lot higher. But there's literally no way to know where that will be.

What's the guaranteed way to find that dollar? The guaranteed way to find that dollar is to keep searching until you find it. It can take 1 hr, 2 hr, 5 hr, 100 hr or 1000 hr, or until there's no more sand left to search.

So, you have the GitHub BBP. What's the likelihood of 10 vulns existing in the GitHub program? Very likely, coz their code base is constantly evolving: they paid $100k+ in the last 90 days.