Choosing the right API

The best APIs (from a security perspective) are not universally supported
More recent platforms generally have better support

Some good examples:
setresuid() and setresgid() (just mentioned)
/dev/random
First implemented on Linux and the BSDs, now adopted by Solaris
Absolutely essential for security software
closefrom()
Started on Solaris, now on the BSDs

An unfortunate example: strlcpy() and strlcat()
First appeared in OpenBSD
Now in all the BSDs, Solaris, Linux (kernel)
Basically everywhere except glibc
maintainer is philosophically opposed
Result: over 100 packages maintain their own replacement

