Scott Currie - How is Visual C++ (Whidbey) going to make my code more secure?

Posted: Sep 02, 2004 at 12:26 PM

By: The Channel 9 Team

(1)

21,943 Views

6 Comments

Video format

Option selected may change based on video formats available and browser capability.

Auto

Use our suggested format for this video.

Smooth Streaming

Adaptive bitrate streaming - little buffering but lower video quality at times of low bandwidth. Silverlight 5 required

Progressive

Traditional buffered video format. Silverlight 5 required

HTML5

For browsers that support H.264 MP4 or WebM video playback such as:
IE9+, Firefox 4+, Chrome 5+, or Safari 4+.

Flash

For browsers that have the Adobe Flash Player plugin installed.

Developers are being asked to create more secure code. The next version of Visual C++, code-named Whidbey, will introduce several new security-protection capabilities. Here Scott Currie, Scott Currie, program manager of Visual C++ discusses the new security-focused changes.

Follow the Discussion

Follow
Oops, something didn't work.

Try again?

Sign In to be begin to follow these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.

Getting "follow" information

Stop following these comments

Start following these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.

Removing your "follow"

Setting up your "follow"

Did you know you can
sign up for email notifications?
- Subscribe to this comments

Sven Groot Don't worry... I'm a doctor.

Sep 02, 2004 at 2:03 PM

Sounds interesting. You'll defenitely need to get those secure C APIs standardised though, everybody from Linux to MacOS could benefit from that kind of thing. Not that they'd trust it if it comes from Microsoft, but still...
Also, real C++ programmers don't use C APIs anyway, I mean, who needs scanf and char* when you've got std::cin and std::string (both of which are safe btw)?

Also, it's not exactly clear to me what's so new about this stack buffer overrun protection... VS.NET 2003 does that too. Sure, I assume you've optimised it more, but is there anything really completely totally new added to it? That didn't become very clear from the video to me.
b0b

Sep 02, 2004 at 2:10 PM

Hmm. Looks like this is a good idea for me to use. My programs use a lot of buffers. This will fix a lot of peoples code that would just crash because they didn't use malloc().

Good idea.
AcidHelmNun Would you like fries with that?

Sep 02, 2004 at 2:15 PM

Don't dis the C APIs entirely, I use printf and sprintf all the time (and indirectly via CString::Format). Creating formatted output with them is SO much easier compared to using the stream classes and manipulators and the horribly-named functions that I have to look up every single time.
Sven Groot Don't worry... I'm a doctor.

Sep 02, 2004 at 3:15 PM

Easier, perhaps. Less readable and more error-prone, definitely.

It's probably a matter of taste, but I prefer the C++ way whenever there is one anyway.
zengyi

Sep 03, 2004 at 3:44 AM

It'll be cool if you could give us more samples.Thank you.
curobosqui

Sep 04, 2004 at 3:37 PM

I'm just curious, have the STL functions that take 2 iterators (begin and end) for the input container and 1 for the optput been reworked too? So that they take also an iterator to the end of the output?

I'm thinking of algorithms like copy or transform.