Secure code on vista only for 'enterprise' developers?

| 0 Comments

I picked up a book yesterday, Writing Secure Code for Windows Vista. Which seemed quite interesting, and was a nice slim volume that would slip into my hand luggage for my flight to Geneva on Friday night (yay first ski weekend of the season!). I've been flicking through it this evening and was interested in the "Standard Annotation Language" (SAL) for annotating unmanaged functions that muck around with memory buffers, it looked like a potentially easy adjustment to The Server Framework code which would possibly improve security and usability... Unfortunately it seems that SAL is only operational when you run with the /analyze compiler switch and that's only available if you're running an 'enterprise' level of Visual Studio...

It seems a pity that a code security and correctness feature is only available in the most expensive editions of Visual Studio... Now, I could go away and install one of the Team System versions of Visual Studio from my MSDN subscription, but, well, I don't currently need to muck up my development machine so I guess I'll just add 'investigate using SAL' to my list of things to do...

Leave a comment