--- wikisrc/pkgsrc/hardening.mdwn	2017/11/07 02:00:44	1.28
+++ wikisrc/pkgsrc/hardening.mdwn	2017/11/07 02:14:50	1.29
@@ -36,13 +36,21 @@ It has been enabled by default since pkg
 
 ### PKGSRC_USE_SSP
 
-This enables a stack-smashing protection mitigation.
-
-TODO: Give a link to a good explanation. Explain if this is gcc
-specific or also works with other compilers. Explain if it is C/C++ only.
+This enables a stack-smashing protection mitigation. It is done by adding a
+guard variable to functions with vulnerable objects. The guards are initialized
+when a function is entered and then checked when the function exits. The guard
+check will fail and the program forcibly exited if the variable was modified in
+the meantime. This can happen in case of buffer overflows or memory corruption,
+and therefore exposing these bugs.
+
+This mitigation is supported by both GCC and clang. It may be supported in
+additional compilers, possibly under a different name. It is particularly useful
+for unsafe programming languages, such as C/C++.
 
 It is enabled by default where known supported since pkgsrc-2017Q3.
 
+* <https://en.wikipedia.org/wiki/Buffer_overflow_protection>
+
 ## Enabled by default in pkgsrc HEAD
 
 ## Not enabled by default