[umbs]

I have a slightly off topic observation and couple of questions. Hoping to get inputs from community. I'm half way through the write up and am amazed by the amount of research, skill and grit that went in to finding this vulnerability. Few questions I have:

1. How do vulnerability researchers and RE engineers narrow down which code base to test? VirtualBox code could be so huge.

2. If their research leads to dead end, which I guess may happen most of the time, how do they keep themselves going/motivated?

3. Clearly, this work needs lots of time. How do they fund themselves to do this?

4. I believe a certain mindset is required to continue doing this work because most of this is 'altruistic' in nature. The monetary reward is a pittance. Would love to read some books on such topics.