It makes me wonder if the software can generally "understand" something is wrong, or if it just has a bunch of modules that look for various exploits (say a buffer overflow attack, a XSS attack).<p>If it's the latter, it just seems like a version of lint that runs on the binary and produces patches on the fly. Granted, that's still a big achievement, but it still relies on people for "unknown" attacks.