
Abstract

Control Flow Integrity (CFI) is a popular topic in the world of exploit mitigations these days. As Microsoft was the first company to ship a platform-wide, enabled-by-default CFI solution, we've learned a lot of hard but valuable lessons. This talk takes a walk down memory lane, starting from several years ago when Control Flow Guard first shipped, to the present day. Along this journey through time, I'll talk about things that Microsoft discovered both internally, through our mitigation bounty, and through exploits in the wild, and how these findings have changed our threat model and the way we think about CFI technology. We'll also touch on open problems in the CFI space and how we see CFI fitting into the bigger picture of mitigating memory corruption exploits moving forward.

Videos