# Saturday, October 17, 2009
As C++ developers, we have a lot of options about how to link to libraries we use. We read sometimes that if we link statically, we will have more work to do if there's ever a security hole in the library, since we'll have to redeploy our app rather than just relying on the users to get the new library and use it dynamically. There's a great example of that in the ATL story that is now just wrapping up. A problem was discovered in July, and emergency updates were promptly released - just a day before the guys who discovered the problem spoke about it publicly. An article that same day pointed out that the error was almost a typo - an extra & in an expression - and warned that the patches "do not automatically fix software that was developed using the buggy ATL. Instead, vendors -- Microsoft as well as third-party firms -- must use the patched Visual Studio to recompile their code, then distribute the new, secure software to users." Well finally, Microsoft has finished their part of it with updates for the parts of Office that were using the old ATL. Have you done all of yours?

Kate

ps: love the "related twitters" at the bottom of the article - people may not tweet about the Active Template Library very often, but they sure do mention a certain airport / city that uses the same abbreviation :-)

Saturday, October 17, 2009 12:13:47 PM (Eastern Daylight Time, UTC-04:00)  #