Windows Vista introduced a number of “quality gates” that encompassed security, privacy, reliability, performance, and others. The goal of the quality gates was to throttle code that entered the operating system to make sure it complied with the practices defined by that quality gate. For example, the security quality gate had the following requirements, which we will discuss throughout this chapter:
All C/C++ string buffers annotated with SAL
Banned APIs removed from the codebase
Banned cryptography removed from the codebase
Static analysis used to find and fix bugs
Unmanaged C/C++ compiled with /GS and linked with /SafeSEH, /DynamicBase and /NXCompat
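As an added illustration of the first two requirements (this is not code from the book or from Windows): a string-copy routine in its banned, unannotated form beside a SAL-annotated, bounded replacement whose buffer size is part of the contract that the static analyzer can check at each call site. The SAL macros are the real ones from sal.h on MSVC; on other compilers they are defined away so the example still builds, and the function names are made up.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* SAL annotations come from <sal.h> on MSVC. On other compilers they are
 * defined as empty here so the example compiles everywhere. */
#if defined(_MSC_VER)
#include <sal.h>
#else
#define _In_z_
#define _Out_writes_z_(cch)
#define _Success_(expr)
#endif

/* "Before": the banned strcpy trusts the caller to have sized dst correctly.
 * Nothing in the signature tells the compiler, the analyzer, or a reviewer
 * how many characters dst can hold. This is the form the gate rejects. */
void CopyNameUnsafe(char *dst, const char *src)
{
    strcpy(dst, src);   /* banned API: unbounded write into dst */
}

/* "After": the capacity of dst is annotated with SAL (_Out_writes_z_ says the
 * function writes a NUL-terminated string of at most cchDst characters into
 * it), so the static analyzer can flag callers that pass a smaller buffer, and
 * the copy itself is bounded. On failure dst is left as an empty string
 * rather than being overflowed or left uninitialized. */
_Success_(return)
bool CopyNameSafe(_Out_writes_z_(cchDst) char *dst, size_t cchDst,
                  _In_z_ const char *src)
{
    size_t len;

    if (dst == NULL || cchDst == 0)
        return false;                 /* nowhere to write even the NUL */
    if (src == NULL) {
        dst[0] = '\0';
        return false;
    }
    len = strlen(src);
    if (len >= cchDst) {              /* src plus its NUL does not fit */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, len + 1);        /* copy including the terminating NUL */
    return true;
}
```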
Essentially, new code must pass the quality gate before it can be accepted into the Windows Vista source code tree. The quality gates apply to all developers and are a very simple and effective way of reducing the number of bugs that enter the system. But most importantly, the quality gates are a means to enforce code policy. Many, but not all, of the security quality gate requirements are derived from the Security Development Lifecycle (SDL). In fact, some security quality gate requirements, as they apply to Windows Vista, go above and beyond the SDL requirements.
The rest of this chapter focuses on the Windows Vista security quality requirements in detail.