Hi, Michael Howard here.
One very low-cost, low-friction SDL task with high impact is removing (and not adding) banned functionality. The most common examples of banned functionality are various C runtime functions, such as strcpy(), strcat(), strncpy(), sprintf(), gets() and their evil brethren, and weak crypto algorithms, such as DES, MD4 and SHA-1.
Over the years, I have shepherded the banned API requirement through the SDL, making updates along the way. One of the biggest changes in recent years (other than adding memcpy() to the list) is a separation of 'required banned' functions and 'recommended banned' functions. The reason for this change is that some functions are a 'clear and present danger' and should never be used in any code. Ever. E.V.E.R! This is the SDL 'required banned' list.
Other C runtime functions pose less of a risk, but in high-risk code, or code with a very large attack surface, they should be considered for removal, and certainly not added to new code in the first place. This is the SDL 'recommended banned' list.
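To make the "why" concrete, here is an added example written for this page; it is not code from the post, from the SDL documents, or from the banned.h header. It shows the failure modes that put strncpy() and sprintf() on the list, next to bounded replacements that follow the contract of the strcpy_s()/snprintf()-style functions the SDL recommends: a failed call returns an error code and leaves the destination empty rather than unterminated. The function names copy_string(), strncpy_leaves_terminator() and format_bounded() are my own, as are the sample strings.

```c
/* Added illustrative example (not from the SDL banned API list or banned.h).
 * Compile with any C99 compiler: cc -Wall -o banned_demo banned_demo.c */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy with a strcpy_s-like contract: 0 on success, EINVAL for bad
 * arguments, ERANGE when src does not fit in dst_size bytes including the
 * terminator. On any failure dst becomes "" so a caller that ignores the
 * return value never reads stale or unterminated data, which is the exact
 * hazard strcpy()/strncpy() leave behind. */
int copy_string(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return EINVAL;
    if (src == NULL) {
        dst[0] = '\0';
        return EINVAL;
    }
    /* Search for the terminator only within dst_size bytes of src, so an
     * unterminated or over-long src can neither be over-read nor over-copied. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {
        dst[0] = '\0';
        return ERANGE;
    }
    memcpy(dst, src, (size_t)(end - src) + 1); /* length checked; copies the NUL */
    return 0;
}

/* Why strncpy() is on the list: when src fills the buffer exactly it writes
 * no terminator, and the next strlen()/printf("%s") walks off the end.
 * Returns 1 if dst is NUL-terminated after strncpy(), 0 if not, -1 on a
 * size the 16-byte scratch buffer cannot model. */
int strncpy_leaves_terminator(const char *src, size_t dst_size)
{
    char dst[16];
    if (dst_size == 0 || dst_size > sizeof dst)
        return -1;
    memset(dst, 'X', sizeof dst);          /* poison so a missing NUL is visible */
    strncpy(dst, src, dst_size);           /* the banned call, used on purpose */
    return memchr(dst, '\0', dst_size) != NULL;
}

/* sprintf() has no bound at all. snprintf() is bounded but reports the length
 * it *wanted* to write; truncation is only detected if the caller compares
 * that against dst_size. Returns 0 on success, ERANGE if the text did not fit. */
int format_bounded(char *dst, size_t dst_size, const char *user, unsigned id)
{
    int needed = snprintf(dst, dst_size, "user=%s id=%u", user, id);
    if (needed < 0 || (size_t)needed >= dst_size) {
        if (dst_size > 0)
            dst[0] = '\0';
        return ERANGE;
    }
    return 0;
}

int main(void)
{
    char buf[8];
    int rc = copy_string(buf, sizeof buf, "hello");
    printf("copy_string(\"hello\") -> %d, buf=\"%s\"\n", rc, buf);
    rc = copy_string(buf, sizeof buf, "this is too long");
    printf("copy_string(long) -> %d (ERANGE=%d), buf=\"%s\"\n", rc, ERANGE, buf);
    printf("strncpy terminated, 8-byte dst: %d\n", strncpy_leaves_terminator("hello", 8));
    printf("strncpy terminated, 5-byte dst: %d\n", strncpy_leaves_terminator("hello", 5));
    rc = format_bounded(buf, sizeof buf, "alice", 7);
    printf("format_bounded into 8 bytes -> %d, buf=\"%s\"\n", rc, buf);
    return 0;
}
```

The point of the replacements is not just the bound but the contract: every failure is reported through the return value and the buffer is left in a defined state. On MSVC the banned.h header enforces the "never add it again" half of the task with `#pragma deprecated`; the GCC/Clang equivalent is `#pragma GCC poison strcpy strcat sprintf gets`, placed after the system headers, which turns any later use of those identifiers into a hard compile error.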
We have created an update to the original banned API and recommended replacements list. That updated text is here and the header file is here.
Feel free to leave a note if you have a question or comment.
The header file link is to
Date Published: 12/15/2010
Is this the new version, or should we be waiting for a 2.1/3.0 to appear on Microsoft Downloads?
Josh - the header is current, the doc was old, but we figured we'd point out the header anyway :)