* Use of Outdated Compiler Tool Sets – Binaries should be compiled against the most recent compiler tool sets wherever possible to maximize the use of current compiler-level and OS-provided security mitigations.
* Insecure Compilation Settings – Binaries should be compiled with the most secure settings possible to enable OS-provided security mitigations, maximize compiler errors and actionable warnings reporting, among other things.
* Signing issues – Signed binaries should be signed with cryptographically-strong algorithms.
+ Visual Studio
Usage and Download:
git clone https://github.com/Microsoft/binskim && cd binskim
right click binskim.sln file into Visual Studio
binskim analyze *.exe *.dll –recurse