The problem with these sorts of mitigations is that they take programs that are insecure by design on systems never intended to be secure and attempt to automagically retrofit security onto them. This has improved the prevailing security in many of these low security designs from laughably easy to requiring actual professional efforts by singular individuals, but are still, conservatively speaking, 100x worse than actual high security systems designed, proven, and verified to protect against high attack potential threat actors such as state actors and international organized crime who have teams of hundreds instead of being limited to small scale individual operations.

The real frontier for high security has been and continues to be adopting and then streamlining the implementation of the methodologies in use for decades demonstrated to be 100x better than the last 20 years of mitigations combined.

After all the vulnerabilities found in C(++) every major kernel today uses them and continues to use them in unsafe ways and gets exploited. Research is great and all, but in practice rewriting everything greenfield is not going to work so we're going to have to invest in both.

Is there a talk that goes along with the slides?

It was at BlueHat a couple weeks ago. The talk will probably show up on youtube in a month or two like has happened for previous BlueHats.

Yes, the slides are clearly meant to be a supplement to the talk, and don't stand on their own.