About 20y ago, as part of a contract job, I documented my ideas on pax.grsecurity.net/docs/ explaining the PaX threat model, the exploit technique based defenses, data-only attacks, CFI, etc. Little did I know that this would set a path that many others would follow year later.