Tales from the Crypto

         Alun Jones (Security MVP Reconnect) writes about security, cryptography, SSL, PKI, and pretty much anything else that bothers him enough.

May 21, 2006

Okay, scratch what I said about SAL

Despite what Michael Howard says about how wonderful SAL is, and my own post from earlier today, I really shouldn’t be telling you about it.

Is that because it’s under NDA?  Is it because it’s a skill I learned at Microsoft, but can’t use outside because of a non-compete clause?


It’s because most developers won’t be getting to use it (me included, for much of my work).

I think this is a thoroughly inappropriate decision on Microsoft’s part.

Restrict detailed profiling to the Enterprise versions all you like, maybe even restrict code testing, or the version control suite, or the team functions – but what on earth is the point of restricting code analysis tools that are designed to secure Windows applications?

I don’t understand this at all.

Windows gets most of its bad reputation for unsecure code because of the applications that run on it – and frequently, the third-party applications, many of which refuse to run unless the user is a full-blown administrator, despite them being choc-full of exploitable buffer overruns.

SAL could help fix that problem, were it to be made available to the multitude of developers.

But no, it’s a “premium feature”, restricted to “the Enterprise” (not a space-ship, just big businesses).

Sometimes, Microsoft does something that I just cannot understand. This is one of those times, and I’m really irritated at them for it.


  1.   Mario Contestabile — May 22, 2006 @ 9:47 pm    Reply

    For our next dev cycle, I wanted to use /analyze, so I got a price quote for the team edition. It was around 9K.

    I got the 180-day trial…

    Don’t understand the business reason behind that either..

  2.   Richard — October 1, 2010 @ 3:50 pm    Reply

    If you use the compilers which come with the Platform SDK, you get support for /analyze.

  3.   alunj — October 6, 2010 @ 12:41 pm    Reply

    Yeah, you’ll see I already covered that in http://msmvps.com/blogs/alunj/archive/2006/05/26/97185.aspx

RSS feed for comments on this post. TrackBack URI

Leave a comment

© 2017 Tales from the Crypto   Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs