Microsoft Brings Checked C to Open Source
Monday, June 20, 2016 @ 07:06 PM gHale
Microsoft brought Checked C, an extension to the C programming language that brings new features to address a series of security-related issues, into the open source arena.
Checking will help developers detect common programming errors such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts. These programming errors have been at the heart of high-profile vulnerabilities like Shellshock, Heartbleed, or Sandworm.
Checked C plans to address these issues by modifying how pointers are handled. Programmers use pointers to define memory addresses where their code will operate.
Handling pointers can get hectic as their number increases. The bigger the project, the harder it is to keep track of them. Projects like Chromium, Firefox, Office, OpenSSL or other bulky codebases have a big problem with this kind of issue. You only have to take a short look at these projects’ changelogs.
“Checked C allows programmers to better describe how they intend to use pointers and the range of memory occupied by data that a pointer points to,” Microsoft said in a blog post. “This information is then used to add checking at runtime to detect mistakes where the wrong data is accessed, instead of the error occurring silently and without detection.”
Checked C will also allow developers to detect these errors as they type them, something that C cannot do. In programming theory, the feature is called “bounds checking,” because it constantly checks whether a variable/pointer is assigned inside its bounds.
C# and Rust already have this feature, and much more. The problem is they are not as widely adopted as C and C++. Microsoft hopes the minimal code changes that Checked C will require to existing C/C++ applications, along with the tangible benefits to security, will convince most developers to start adopting Checked C.
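The runtime bounds check described above can be sketched in standard C. This is an added example, not Microsoft's code and not Checked C syntax: the `bounded_ptr` struct, the function names and the sample buffer are all constructed for illustration, and the struct only emulates a pointer that carries its declared range.

```c
#include <stddef.h>
#include <string.h>

/* Plain-C stand-in (hypothetical) for a pointer that carries its bounds:
   the base address plus the number of bytes it is declared to cover. */
typedef struct {
    const unsigned char *base;
    size_t count;
} bounded_ptr;

/* Unchecked echo: a raw pointer has no bounds, so the claimed length is trusted. */
static size_t echo_unchecked(const unsigned char *payload, size_t claimed,
                             unsigned char *out)
{
    memcpy(out, payload, claimed);
    return claimed;
}

/* Checked echo: the access is validated against the declared bounds at
   run time and a violation is reported instead of silently reading on. */
static int echo_checked(bounded_ptr payload, size_t claimed,
                        unsigned char *out, size_t out_cap)
{
    if (claimed > payload.count || claimed > out_cap)
        return -1;
    memcpy(out, payload.base, claimed);
    return (int)claimed;
}

/* Constructed sample: a 4-byte payload followed by unrelated data. */
static const unsigned char memory[] = "PINGsecret-key";

/* Returns 1 when the unchecked echo hands back bytes past the payload. */
static int unchecked_leaks(void)
{
    unsigned char out[sizeof memory] = {0};
    echo_unchecked(memory, 14, out);
    return memcmp(out + 4, "secret-key", 10) == 0;
}

/* Runs the checked echo with the payload declared as exactly 4 bytes. */
static int checked_result(size_t claimed)
{
    unsigned char out[sizeof memory] = {0};
    bounded_ptr p = { memory, 4 };
    return echo_checked(p, claimed, out, sizeof out);
}

int main(void) { return !(unchecked_leaks() && checked_result(14) == -1); }
```

The over-long request succeeds silently with the raw pointer and is rejected once the pointer's range is part of its description.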