One of the cool new things we are doing in the security push is the conversion of all uses of potentially unsafe CRT (C Runtime) functions to their new, safe counterparts. When we think of unsafe CRT functions, we usually think of string manipulation functions, and these functions are probably indeed responsible for most of the security bugs (for a few examples of what can go wrong with the traditional string manipulation functions, read this post), but there are other improvements in the CRT libraries. As mentioned on MSDN, the main categories of improvement in the CRT are: parameter validation, sized buffers, null termination, enhanced error reporting, file system security, Windows security, and format string syntax checking.
Resources

For a great introduction to Secure CRT, read this article by Michael Howard. A list of secure CRT functions with short descriptions and links to longer articles is available in the Whidbey section of MSDN. Secure CRT is also mentioned by another blogger. A clever way of using templates to avoid typing the extra parameter when the compiler can deduce it itself is described here.
Rotor

Secure CRT functions are being discussed in the context of the ISO/IEC standard for C (in JTC1/SC22/WG14). You can read the submission and the Security TR Editor's Report online. However, since these functions have not been added to the C standard yet and we want to compile Rotor Whidbey on non-Windows platforms, we will include implementations of some of the secure CRT functions in the Rotor distribution. Our current plan is to include only as much as we need for Rotor, so this will not be a complete implementation.
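To make concrete what "sized buffers", "null termination" and "enhanced error reporting" mean in practice, and what a portable implementation for a non-Windows build has to provide, here is an added example written for this post. It is not Microsoft's CRT code and not the implementation that will ship with Rotor; the function name demo_strcpy_s and the return-code convention (0 on success, EINVAL for bad arguments, ERANGE when the source does not fit, destination emptied on failure) are assumptions chosen to mirror the secure CRT style, not the documented signature of any shipping function. The second function shows, for contrast, the classic strncpy pitfall that the sized-and-terminated design removes.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal strcpy_s-style copy in the spirit of the secure CRT functions.
 * Constructed for illustration; not Microsoft's CRT and not Rotor's code.
 * It demonstrates three of the improvements listed in the post:
 *   - the destination size is an explicit parameter (sized buffer),
 *   - the result is always NUL-terminated whenever the buffer is usable,
 *   - failures are reported as errno values instead of silently overflowing.
 * Returns 0 on success, EINVAL for a bad argument, ERANGE when src does not
 * fit. On ERANGE the destination is set to "" so a caller that ignores the
 * return value still holds a valid (empty) string rather than garbage. */
int demo_strcpy_s(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return EINVAL;                 /* nowhere to write, cannot terminate */
    if (src == NULL) {
        dst[0] = '\0';
        return EINVAL;
    }
    /* Bounded length scan: never read more than dstsize bytes of src, so a
     * non-terminated source cannot make us walk off the end of it. */
    size_t n = 0;
    while (n < dstsize && src[n] != '\0')
        n++;
    if (n >= dstsize) {                /* needs n + 1 bytes, only dstsize exist */
        dst[0] = '\0';
        return ERANGE;
    }
    memcpy(dst, src, n + 1);           /* n characters plus the terminator */
    return 0;
}

/* The classic strncpy pitfall, for contrast: when strlen(src) >= the buffer
 * size, strncpy fills the buffer completely and writes no terminator.
 * Returns 1 if an 8-byte buffer holds a terminated string after strncpy,
 * 0 otherwise. memchr is bounded by sizeof buf so the check itself never
 * reads past the buffer. */
int strncpy_leaves_terminator(const char *src)
{
    char buf[8];
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

int main(void)
{
    char buf[8];
    int rc;

    rc = demo_strcpy_s(buf, sizeof buf, "hello");
    printf("short source : rc=%d buf=\"%s\"\n", rc, buf);

    rc = demo_strcpy_s(buf, sizeof buf, "exactly8");   /* 8 chars + NUL = 9 bytes */
    printf("too-long src : rc=%d (ERANGE=%d) buf=\"%s\"\n", rc, ERANGE, buf);

    rc = demo_strcpy_s(NULL, sizeof buf, "x");
    printf("null dest    : rc=%d (EINVAL=%d)\n", rc, EINVAL);

    printf("strncpy keeps terminator for \"hello\"    : %d\n",
           strncpy_leaves_terminator("hello"));
    printf("strncpy keeps terminator for \"exactly8\" : %d\n",
           strncpy_leaves_terminator("exactly8"));
    return 0;
}
```

The bounded scan is the part worth noticing: the function never calls strlen on the source, because an unterminated source is exactly the kind of input that makes the traditional functions read or write out of bounds. Emptying the destination on failure is a deliberate choice so that code which forgets to check the return value cannot go on to use a partially written, unterminated buffer.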