"Security advisories lie
Ðoften
incomplete, or wrong
"Published exploits are mostly broken, deliberately
"Compiled-in intrusion prevention like StackGuard makes it
expensive to determine whether the
defense is really working, or if it is just an incompatibility
ÐAlso true
of diversity defenses