| |
The Security Development Lifecycle : VC 2010 and memcpy
by Security Reads at 12:54 pm EST, Feb 17, 2010 |
A year ago, I wrote a short post about us banning memcpy in the SDL for new code. Well, I’m happy to announce that in VC++ 2010, we have made it much easier to remove potentially insecure calls to memcpy and replace them with more secure calls to memcpy_s; it’s automagic, just like we do did for other banned functions!
|
| |
RE: The Security Development Lifecycle : VC 2010 and memcpy
by Decius at 12:13 am EST, Feb 18, 2010 |
Security Reads wrote: A year ago, I wrote a short post about us banning memcpy in the SDL for new code. Well, I’m happy to announce that in VC++ 2010, we have made it much easier to remove potentially insecure calls to memcpy and replace them with more secure calls to memcpy_s; it’s automagic, just like we do did for other banned functions!
So wait... Now the "S" actually DOES stand for "secure!?" Now all those people who figured out that we were lying about "sprintf" are REALLY gunna be confused. |
|
|
|
