Attackers are having success using vulnerabilities similar to what we’ve seen previously and in components that have previously been discussed as attack surfaces.The goal is to force attackers to start from scratch each time we detect one of their exploits: they’re forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, they must develop a brand new exploitation method.

This is because developers are fixing single instances of bugs and not the whole classes of them. To address memory corruption bugs as a whole class you need to dramatically change your development practice or even the programing language to a memory safe one. Without doing so it will continue to be a whac-a-mole exercise forever.