Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is Security Development Lifecycle Checks option in Visual Studio?

Tags:

c++

visual-studio

sdlc

I am using Visual Studio 2013 Preview, although I'm sure I've seen it in earlier versions. When creating a new project using the wizard, I select C++, Win32 Console Application, and there is an option to enable Security Development Lifecycle Checks on my project. Could someone explain exactly what this option does to my code/project?

like image 900
Neil Kirk Avatar asked Aug 18 '13 23:08

Neil Kirk

People also ask

What developed the security development lifecycle?

The Microsoft Security Development Lifecycle is a software development process used and proposed by Microsoft to reduce software maintenance costs and increase reliability of software concerning software security related bugs. It is based on the classical spiral model.

What are the core concepts of the Microsoft Security Development Lifecycle?

The Microsoft SDL is based on three core concepts: Education. Continuous process improvement. Accountability.

What are the Microsoft SDL practices?

The Security Development Lifecycle (SDL) consists of a set of practices that support security assurance and compliance requirements. The SDL helps developers build more secure software by reducing the number and severity of vulnerabilities in software, while reducing development cost.

2 Answers

The /sdl switch is described here. It turns some warnings into errors, which does not affect your code. Furthermore, it applies the /GS check more aggresively.

Don't expect too much from it. The Microsoft SDL is really a workaround for 1980's style C programming. Even it you use 20th century C++, you don't need it. E.g. operator+(std::string, std::string) is both safe and portable. Microsoft's SDL solution here in contrast is not portable, nor is it safe - the idea behind /GS is to find errors with C string handling at runtime and abort the program, limiting the consequences but not making it safe.

like image 50
MSalters Avatar answered Sep 20 '22 06:09

MSalters

The Microsoft Security Development Lifecycle is a software development process used and proposed by Microsoft to reduce software maintenance costs and increase reliability of software concerning software security related bugs.

These may helpful:

http://download.microsoft.com/download/B/5/A/B5A89F4C-D591-4AAB-BF45-D818D80527B6/SDLServices2011.pdf

http://msdn.microsoft.com/en-us/library/windows/desktop/84aed186-1d75-4366-8e61-8d258746bopq.aspx

like image 23
Mohammad Izady Avatar answered Sep 19 '22 06:09

Mohammad Izady
Sign in to Comment

Related questions

Which C++ standard is the default when compiling with g++?
What is *.o file?
Is Bjarne wrong about this example of ADL, or do I have a compiler bug?
Object array initialization without default constructor
Exclude source file in compilation using Makefile
How to hide a string in binary code?
How to write to the Output window in Visual Studio?
Why are Python Programs often slower than the Equivalent Program Written in C or C++?
C++ style cast from unsigned char * to const char *
Use of min and max functions in C++
Is there ever a need for a "do {...} while ( )" loop?
c++ exception : throwing std::string
Does the range-based 'for' loop deprecate many simple algorithms?
Which C++ Standard Library wrapper functions do you use?
C++ Cross-Platform High-Resolution Timer
Printing all environment variables in C / C++
Is C# really slower than say C++?
When to Overload the Comma Operator?
Generic way to cast int to enum in C++

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!