I am using Visual Studio 2013 Preview, although I'm sure I've seen it in earlier versions. When creating a new project using the wizard, I select C++, Win32 Console Application, and there is an option to enable Security Development Lifecycle Checks on my project. Could someone explain exactly what this option does to my code/project?
What is Security Development Lifecycle Checks option in Visual Studio?
30.7k views Asked by Neil Kirk At
2
There are 2 answers
1
On
The Microsoft Security Development Lifecycle is a software development process used and proposed by Microsoft to reduce software maintenance costs and increase reliability of software concerning software security related bugs.
These may helpful:
http://msdn.microsoft.com/en-us/library/windows/desktop/84aed186-1d75-4366-8e61-8d258746bopq.aspx
The
/sdlswitch is described here. It turns some warnings into errors, which does not affect your code. Furthermore, it applies the/GScheck more aggresively.Don't expect too much from it. The Microsoft SDL is really a workaround for 1980's style C programming. Even it you use 20th century C++, you don't need it. E.g.
operator+(std::string, std::string)is both safe and portable. Microsoft's SDL solution here in contrast is not portable, nor is it safe - the idea behind/GSis to find errors with C string handling at runtime and abort the program, limiting the consequences but not making it safe.