Lessons Learned the Hard Way
"Security advisories lie
often incomplete, or wrong
"Published exploits are mostly broken, deliberately
"Compiled-in intrusion prevention like StackGuard makes it expensive to determine whether the defense is really working, or if it is just an incompatibility
Also true of diversity defenses