https://arxiv.org/abs/1808.00659 Popular version: https://techxplore.com/news/2018-08-defensive-technique-software-buggier.html The basic idea here is to create a large number of non-exploitable bugs, then add them to existing code. Do not worry as much about remediating existing bugs. The "bad guys" have a greatly reduced chance of finding and exploiting a real bug because they keep finding chaff bugs instead. Wasting resources. The most time consuming task facing intruders is locating bugs to exploit. Analogy: It is like having a tub of cubic zirconium "diamonds" with one or two real ones mixed in. Finding the real diamonds takes a large amount of time. Cubic zirconium fakes can be detected but takes some time. If it becomes sufficiently tedious it may not be worth the huge amount of time spent. Abstract: The red-highlighted phrase seems to me to be the hard part. Disguising the fake bugs. If all of the fake bugs are similar somehow then one can write algorithms to find and then mark the fakes as fake.