Michael Howard on Safer CRT
Mike Howard posted a little item on Safer CRT and the relationship between DevDiv (Developer Division) and SBU (Security Business Unit). He promises more posts on security features in Whidby. I get to work with both groups on a regular basis and it's nice to see the great stuff that can come from this sort of cross-group collaboration. The post is here:
There has always been a very strong relationship with our team and the developer division (aka DevDiv), in part because they take some of our ideas and turn them into solutions that can be used by our developer customers. And I want to take an opportunity over the next few days to outline some of the excellent security stuff added to Whidbey, most of which you will see when beta 2 ships.
One of my favorites is a more up-to-date C runtime library, dubbed the Safer CRT. Let's face it, the CRT of 20 or so years ago has turned out to be a little, well, challenging to use from a security perspective. When David and I wrote Writing Secure Code we wrote an appendix describing "issues" with certain functions in Windows and the CRT. The CRT library folks, under the watchful eye of Martyn Lovell, decided to fix the "Appendix A Problem" and they did so with the Safer CRT.