[lawnchair_larry]

Not true. It just took credit for it, and somehow managed to inject a new buzzword into circulation.

http://www.suse.de/~krahmer/no-nx.pdf is from 2005.

http://www.comms.engg.susx.ac.uk/fft/security/solaris_non_ex... is from 1999.

[onars]

It is true that code-reuse attacks have been around for some time, but Shacham's paper actually showed that you can make arbitrary --Turing complete-- computations with this approach, among other things. I think this alone is a good contribution.