"Memcpy() and brethren, your days are numbered. At least in development shops that aspire to secure coding.
Microsoft plans to formally banish the popular programming function
that's been responsible for an untold number of security
vulnerabilities over the years, not just in Windows but in countless
other applications based on the C language. Effective later this year,
Microsoft will add memcpy(), CopyMemory(), and RtlCopyMemory() to its
list of function calls banned under its secure development lifecycle."
…
"Developers who want to be SDL compliant will instead have to replace
memcpy() functions with memcpy_s, a newer command that takes an
additional parameter delineating the size of the destination buffer."
I'm actually a big fan of the concept of banned functions and preventing usage by the majority of people as long as alternatives are clearly outlined.
Read more: http://www.theregister.co.uk/2009/05/15/microsoft_banishes_memcpy/
