Famous last words
"Because the stack layout of a function is determined at compile time, we can control what data will be overwritten when the overflow occurs, which gives us an opportunity to ensure the overflow will not be exploitable."
If it were that simple, there'd be no buffer overrun/underrun bugs in my code to start with.
And they want me to start adding them into my code on the basis that I'll be able to stay on top of them, not screwing up and bugging my non-exploitable bugs, whilst all the while not introducing any others that aren't accounted for?
Do they hail from some academe bastion of ivory, where the closest they ever get to a critical program is a day release programme?