Re: Re: Fwd: x86 ROP mitigation

[Josh Bressers <bressers () redhat com>]

> It's not going to be increasing the cost of exploit development if it
> only means a script ends up finding different gadgets instead. Maybe it
> leads to better tooling being developed if it's far enough along, but
> that's one person investing their time once, not every exploit taking
> more resources to develop. If it's incomplete, how is it a layer?

It's the first step of a very long road.

This attitude is quite pervasive across security people, and it's not a
very good one. Just because the first iteration of a technology isn't
perfect, or the ideas have room for improvement is no reason to go all
negative.

Sometimes great ideas start out like this. If it's a bad idea, it won't
stick around for long. There are few instances where doing nothing is
better than doing something.

-- 
    JB