ARC337-R: Baking the best security layer cake

It's not enough to fix a bug or issue, we also have to dig in and find a deeper kind of fix that eliminates most bugs of that entire class. Failsafe design and defense in depth are nothing new, but in security, the tendency to add layers can backfire. Each new layer brings its own potential bugs, risks, costs, and challenges. In this talk, we take a look at just how effective some of the simplest mitigations are and how modern verification techniques can provide run-time assurance without run-time risk.