SEARCH RESULTS
 
Showing 1-3 of 3 records

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...linker because important defenses are added by the tools If using Visual C++, use Visual Studio 2005 SP1 or later Compile with appropriate compiler flags Compile clean at the highest possible warning level Compile with GS to detect stack-based buffer overruns Link with appropriate linker flags: /NXCompat to get NX defenses, /DynamicBase to...
 
 
 
 
 

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...Linker SDL Requirements There is no indication which compiler is used to compile these DLLs, but it looks like none have stack-based buffer overrun detection defense (such as the Visual Studio C++ /GS flag) or exception handler defenses (such as the Microsoft Link /SAFESEH flag) - both of which are SDL requirements. I also assume that the...
 
 
 
 
 

Oh No! Security Metrics!

2008-04-18 12:43:00 by sdl in The Security Development Lifecycle
 
...linker requirements (Net effect: extra defenses, in case you miss a bug Fuzz testing (Net effect: implementation bugs found before shipping So, to answer Mr. Lindstrom's question Could it really be that SDL has done nothing to help MS developers write better code Without a doubt, the SDL has helped Microsoft developers write better and more...
 
 
 
 
 
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia