“We are involved in a cat-and-mouse game on [the software] engineering side. Every time we come up with something new and build new defenses, it creates incentive for the bad guy to look beyond that,” Arkin explained, noting that the white-hat security research community helps cyber-criminals by publishing vulnerabilities, exploits and techniques to bypass security mitigations.

“My goal isn’t to find and fix every security bug,” Arkin argued. ”I’d like to drive up the cost of writing exploits. But when researchers go public with techniques and tools to defeat mitigations, they lower that cost.”

via fefe http://blog.fefe.de/?ts=b1cba1ed