Saved February 14, 2026
This article revisits the Clang Hardening Cheat Sheet from ten years ago, highlighting new security mitigations in the Clang toolchain. It covers essential flags and options to enhance application security against modern threats, including stack-based memory corruption and dynamic loading vulnerabilities.
Ten years after the original Clang Hardening Cheat Sheet was published, the authors, Daniel Janson and Béatrice Creusillet, highlight significant updates to Clang's security measures. The updated cheat sheet introduces new hardening flags aimed at enhancing application security. These include recommendations from the OpenSSF Best Practices Working Group, such as enabling compiler warnings with flags like `-Wconversion` and `-Wimplicit-fallthrough`, as well as linking optimizations like `-Wl,--as-needed` to reduce the attack surface.
Key advancements include updates to the `-D_FORTIFY_SOURCE` flag, which now offers a level 3 that adds checks for unsafe operations involving functions like `memcpy`, `snprintf`, and others. For C++ developers, the `-D_GLIBCXX_ASSERTIONS` flag allows for additional runtime checks in the standard library, enhancing safety against common vulnerabilities. The post also discusses the `-Wl,-z,nodlopen` linker flag, which prevents shared objects from being dynamically loaded at runtime, thereby limiting potential exploitation avenues.
The article details defenses against stack-based memory corruption, emphasizing the importance of a non-executable stack to prevent code execution from the stack memory. This protection is mostly enabled by default in modern systems. Furthermore, it addresses stack clash vulnerabilities, where excessive stack growth can corrupt adjacent memory regions. The authors stress the need for appropriate mitigations to protect against these and other emerging classes of exploits.