This doesn’t match the description in the linked article, CIT was not primarily looking for hard to implement features, instead they were looking for who implemented binary hardening features. (Techniques that make a compiled program harder to exploit, or prevent minor exploits from becoming major exploits) There is some discussion in passing that they also looked for know bad library calls, but the majority of the text dealt with binary hardening.
Assessing the security of devices by measuring how many difficult things the programmers tried to do
3 Likes
