The ImageMagick Security Policy Evaluator allows developers and security experts to check if an XML Security Policy is hardened against a wide set of malicious attacks. It assists with the process of reviewing such policies, which is usually a manual task, and helps identify the best practices for ImageMagick deployments.
"Rogues are very keen in their profession, and know already much more than we can teach them," said locksmith Alfred Charles Hobbs, who in 1851 demonstrated to the public how state-of-the-art locks could be picked, in response to concerns that exposing security flaws in the design of locks could make them more vulnerable to criminals. This quote is no less true today when applied to blackhats.
Open source doesn't mean secure, but security through obscurity is not a good security model.
The fact that he pursued the cause of the bug even when things got difficult or strange for him was the essence of his real "hacker" experience. Was it a simple buffer overflow? Maybe, but he learned a lot getting his hands dirty