
SQ14138

Detected Windows executable files that were compiled without following the recommended SDL process.

CI/CD status: pass
severity: medium
effort: medium
RL level: None
RL assessment: hardening: warning
Reason: vulnerability mitigation issues

About the issue

The Security Development Lifecycle (SDL) is Microsoft's process for building software with security in mind; the part of it that the compiler enforces is a group of enhanced compile-time checks that report common coding mistakes as errors so they never reach production. These checks reduce the number of security issues by treating a set of risky warnings as errors (for example, a local variable used before it is initialized), by tightening the buffer-overrun (/GS) checks, and by rejecting deprecated, hard-to-secure string and memory manipulation functions such as strcpy. To prove that a binary was compiled with these checks enabled, the compiler emits a special debug object that ends up in the binary's debug table. Stripping the debug table removes this proof, so this check is applied only to binaries that still have their debug tables.

How to resolve the issue

  • Keep the debug table in the shipped binary; stripping it also removes the proof that the SDL checks were applied.
  • To enable the checks, refer to the documentation for your toolchain.
  • With Microsoft Visual Studio, pass the /sdl option to the MSVC compiler (cl.exe), or set Configuration Properties > C/C++ > General > SDL checks to Yes (/sdl) in the project properties.
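As an added example (not from the original page or from ReversingLabs), the MSBuild fragment below enables the /sdl checks in a .vcxproj and keeps the debug information that this policy relies on. The project name MyService.vcxproj and the Release|x64 configuration are assumptions.

```xml
<!-- Added example: fragment of a hypothetical MyService.vcxproj (MSBuild).
     Enables the MSVC /sdl checks and keeps the debug directory in the output
     so the SDL evidence survives into the shipped binary. -->
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
      <!-- Equivalent to cl.exe /sdl: warnings such as C4700 (uninitialized
           local used) and C4996 (deprecated strcpy and friends) become
           errors, and the /GS buffer-overrun checks run in strict mode. -->
      <SDLCheck>true</SDLCheck>
      <!-- /GS must stay on; /sdl only strengthens it. -->
      <BufferSecurityCheck>true</BufferSecurityCheck>
    </ClCompile>
    <Link>
      <!-- /DEBUG writes the PDB and the debug directory entry in the PE.
           /DEBUG:NONE, or stripping the table after linking, removes the
           proof that /sdl was used. -->
      <GenerateDebugInformation>true</GenerateDebugInformation>
    </Link>
  </ItemDefinitionGroup>
</Project>
```

After building, `dumpbin /headers MyService.exe` should list a Debug Directories section; if it is empty, the linker ran without /DEBUG or the table was stripped afterwards, and this policy cannot evaluate the binary. CMake-based projects can pass the same flag with `if(MSVC) add_compile_options(/sdl) endif()`.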

Incidence statistics

ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.

For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.

The percentages are calculated from the total number of packages analyzed:

  • RubyGems: 174K
  • NuGet: 189K
  • PyPI: 403K
  • npm: 2.1M