Detailed analysis on a 10-year dataset of IoT binaries and their security features. The Cyber ITL focussed on which compiler and toolchain hardenings the vendors use.

CITL identified a number of important takeaways from this study:
On average, updates were more likely to remove hardening features than add them.
Within our 15-year data set, there have been no positive trends from any one vendor.
MIPS is both the most common CPU architecture and the least hardened on average.
There are numerous duplicate binaries across multiple vendors, indicating a common build system or toolchain.