Scott Currie - How is Visual C++ (Whidbey) going to make my code more secure?

Posted: Sep 02, 2004 at 12:26 PM

By: The Channel 9 Team

21,922 Views

6 Comments

Download

Right click “Save as…”

Mid Quality WMV (Lo-band, Mobile)
WMV (WMV Video)

format
< > embed
+ queue

Sign In first to access your queue.
Close

Sorry, video was not added to the queue, an error occurred. Please Contact Us and let us know.
Close

Embed code for this video

Copy the code above to embed our video on your website/blog.

Video format

Auto
Use our suggested format for this video.
Smooth Streaming
Adaptive bitrate streaming - little buffering but lower video quality at times of low bandwidth.
Progressive
Traditional buffered video format.
HTML5
For browsers that support h264 MP4 or WebM video playback such as:
IE9+, Chrome 5+, or Safari 4+.

Note: These selections will fall back to the next best format depending upon browser capability.

Developers are being asked to create more secure code. The next version of Visual C++, code-named Whidbey, will introduce several new security-protection capabilities. Here Scott Currie, Scott Currie, program manager of Visual C++ discusses the new security-focused changes.

Follow the Discussion

Subscribe to these comments

Sven Groot I'm Commander Shepard and this is my favourite store on the Citadel.

Sep 02, 2004 at 2:03 PM quote reply

Sounds interesting. You'll defenitely need to get those secure C APIs standardised though, everybody from Linux to MacOS could benefit from that kind of thing. Not that they'd trust it if it comes from Microsoft, but still...
Also, real C++ programmers don't use C APIs anyway, I mean, who needs scanf and char* when you've got std::cin and std::string (both of which are safe btw)?

Also, it's not exactly clear to me what's so new about this stack buffer overrun protection... VS.NET 2003 does that too. Sure, I assume you've optimised it more, but is there anything really completely totally new added to it? That didn't become very clear from the video to me.
b0b

Sep 02, 2004 at 2:10 PM quote reply

Hmm. Looks like this is a good idea for me to use. My programs use a lot of buffers. This will fix a lot of peoples code that would just crash because they didn't use malloc().

Good idea.
AcidHelmNun Would you like fries with that?

Sep 02, 2004 at 2:15 PM quote reply

Don't dis the C APIs entirely, I use printf and sprintf all the time (and indirectly via CString::Format). Creating formatted output with them is SO much easier compared to using the stream classes and manipulators and the horribly-named functions that I have to look up every single time.
Sven Groot I'm Commander Shepard and this is my favourite store on the Citadel.

Sep 02, 2004 at 3:15 PM quote reply

Easier, perhaps. Less readable and more error-prone, definitely.

It's probably a matter of taste, but I prefer the C++ way whenever there is one anyway.
zengyi

Sep 03, 2004 at 3:44 AM quote reply

It'll be cool if you could give us more samples.Thank you.
curobosqui

Sep 04, 2004 at 3:37 PM quote reply

I'm just curious, have the STL functions that take 2 iterators (begin and end) for the input container and 1 for the optput been reworked too? So that they take also an iterator to the end of the output?

I'm thinking of algorithms like copy or transform.

Remove this comment

Remove this thread

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.