[marris]

When you create a tax shelter, someone always asks "what if someone uses this to create an enormous amount of wealth"? This is not just true for the US tax code, but has been true for probably every tax code in history. When that question is raised, the first thing to contemplate is how likely it is to occur. And if it is not considered likely, then this risk is accepted.

Fuzzing may be a good analogy. Fuzzing can be used to test POST request processing when the logic is too complicated to validate via more formal means. We try a large sample of inputs. If they pass, then the test passes, even though we cannot be confident that the code will handle every input string correctly.

[aeturnum]

Right, but like - if you later find a buffer overflow that the fuzzing missed - you'll fix it right?

[marris]

Sure, if you can reproduce the input and if you agree that it is misuse. This is a scenario where we don't know the formula to create $5B, and and there is no consensus that it ("making an extremely successful investment in a tax shelter") is misuse.