What is Security Development Lifecycle Checks option in Visual Studio?

Neil Kirk picture Neil Kirk · Aug 19, 2013 · Viewed 29.2k times · Source

I am using Visual Studio 2013 Preview, although I'm sure I've seen it in earlier versions. When creating a new project using the wizard, I select C++, Win32 Console Application, and there is an option to enable Security Development Lifecycle Checks on my project. Could someone explain exactly what this option does to my code/project?

Answer

MSalters picture MSalters · Aug 19, 2013

The /sdl switch is described here. It turns some warnings into errors, which does not affect your code. Furthermore, it applies the /GS check more aggresively.

Don't expect too much from it. The Microsoft SDL is really a workaround for 1980's style C programming. Even it you use 20th century C++, you don't need it. E.g. operator+(std::string, std::string) is both safe and portable. Microsoft's SDL solution here in contrast is not portable, nor is it safe - the idea behind /GS is to find errors with C string handling at runtime and abort the program, limiting the consequences but not making it safe.