VenTatsu is correct here. Cory’s summary is inaccurate. What we’re talking about when we talk about things like ASLR or non-executable stack are protections which can be built into the binaries automatically during the process of compiling and building it to make bugs either not be exploitable or be more difficult to exploit. Binary hardening just means building binaries in ways which are more resistant to certain classes of attacks. These approaches are standard defenses generally included in programs which run in normal desktop, laptop, server, and smartphone environments. But in the IoT space, they are often lacking and this report is about the state of IoT from that perspective, why it is that way, and what we might be able to do to fix it. This has nothing to do with the difficulty of implementation.
The question of looking at which features are harder to implement correctly would also be an interesting approach, but it isn’t the approach that this report or talk takes.
