Description
Since the early 2000s, many passive security mitigations like
W⊕X or ASLR have been developed and have been shown
numerous times to be effective in preventing a software bug
to be abused. However, to our best knowledge little to no data
is available on the general adoption rate for these mitigations.
In this paper, we analyse software for Microsoft Windows
that was published in the last 8 years to provide data over
time for the adoption rate of available security mitigations.
We discuss how this data aligns with changes in compiler
settings, minimum system requirements and other factors to
help understand how we can improve the speed of adoption
for security mitigations developed in the future. We identify
potential causes for the low adoption of some mitigations and
discuss potential remedies that could help to solidify software
at large.
|
