Very cool that this is just from logic bugs! I wonder if we should as a rule assume that sandboxing that is not formally verified or battle tested over a really long time is unlikely to be free of bugs.
What's the long-term solution for these kinds of problems? How can we get out of this tar pit? Of course in the short run we can be diligent about updates and bug bounties etc., but how can we actually eliminate these kinds of errors in a 'complete' way?
Not just any logic bug. I think the most succinct identification so far of the specific type of logic bug is in this comment (not mine): https://news.ycombinator.com/item?id=30871034