A post about editor extension for security and banned APIs

A post about editor extension for security and banned APIs

  • Comments 1

Security is something we take very seriously and we work with a number of teams across the company to keep native apps as secure as possible. An example of this in Visual Studio 2010 was our work on the GS flag. One of our colleagues, Tim Burrell, who has helped us develop these ideas has written a post on the Security Development Lifecycle blog in which he takes advantage of our new editor extensibility enhancements to help developers catch unsafe code more quickly. I think this is the tip of the iceberg in terms of what people will come up with to push quality higher up into the lifecycle of development and I can imagine many company-specific extensions to do things like what Tim describes in the post. In any case, I highly encourage you to follow the SDL blog if you care about making your apps more secure!

Cheers,

Boris Jabes

  • We watch for and prohibit use of many API calls in the .NET Framework, not for security, but for maintainability.  Using those calls is a sign of overly complex, poorly performing and hard to maintain code.

Page 1 of 1 (1 items)