, ? 70% sensitivity demonstrated using snapshot monitor and (!) random probes ? Reasonable to infer higher sensitivity possible with guided probe selection and/or sequential monitoring

, Relaxing verification seems possible, even with low-sensitivity monitors ? The Gaussian probability model is clearly very approximate ? New challenge: Showing software robust to "small bugs" ? Bottom line: For a given level of safety (e.g. loss-of-integrity probability), preservice verification can be relaxed by carefully introducing bug monitoring