...
For example, the C library technical report, part 1 (TR 24731-1) is gaining support, but at present is only implemented by a few vendors. It introduces functions such as memcpy_s(), which serve the purpose of security by adding the destination buffer size to the API. A forward-looking document could not reasonably ignore these simply because they are not yet widely implemented.
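An added example (not taken from the standard) of what the extra destination-size argument buys, written to compile whether or not the library implements TR 24731-1. The wrapper name bounded_copy is hypothetical, and its fallback branch, including SIZE_MAX >> 1 as a stand-in for RSIZE_MAX, is an assumption modeled on the memcpy_s() runtime-constraint checks.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* ask for TR 24731-1 / Annex K declarations */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper, not a standard function: copy n bytes into a
 * destination of dest_size bytes. Returns 0 on success, nonzero on a
 * violation, in which case the destination is zeroed rather than overrun. */
int bounded_copy(void *dest, size_t dest_size, const void *src, size_t n)
{
#ifdef __STDC_LIB_EXT1__
    /* The library implements the bounds-checked interfaces: use them.
     * ignore_handler_s makes a violation return an error instead of aborting. */
    set_constraint_handler_s(ignore_handler_s);
    return (int)memcpy_s(dest, dest_size, src, n);
#else
    /* Assumed fallback modeled on memcpy_s's runtime-constraint checks. */
    const size_t rmax = SIZE_MAX >> 1;   /* assumed stand-in for RSIZE_MAX */
    if (dest == NULL || dest_size > rmax)
        return EINVAL;                   /* nothing can safely be written */
    uintptr_t d = (uintptr_t)dest, s = (uintptr_t)src;
    size_t gap = (size_t)(d > s ? d - s : s - d);
    if (src == NULL || n > dest_size || gap < n) {  /* null, too big, overlap */
        memset(dest, 0, dest_size);      /* leave no partial or stale data */
        return src == NULL ? EINVAL : ERANGE;
    }
    memcpy(dest, src, n);
    return 0;
#endif
}

int main(void)
{
    char small[8];
    const char input[16] = "0123456789abcde";   /* constructed sample input */

    /* memcpy(small, input, sizeof input) would write 8 bytes past small. */
    int rc = bounded_copy(small, sizeof small, input, sizeof input);
    printf("oversized copy: rc=%d, small[0]=%d\n", rc, small[0]);

    rc = bounded_copy(small, sizeof small, "hello", 6);
    printf("fitting copy:   rc=%d, small=\"%s\"\n", rc, small);
    return 0;
}
```

The feature test on __STDC_LIB_EXT1__ is what keeps the source portable to libraries that do not ship the bounds-checked interfaces.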
...
Some vendors have extensions to C, and some also have implemented only part of the C standard before stopping development. Consequently, it is not possible to back up and only discuss C95 or C90. The vendor support equation is too complicated to draw a line and say that a certain compiler supports exactly a certain standard. Whatever demarcation point is selected, different vendors are on opposite sides of it for different parts of the language. Supporting all possibilities would require testing the cross product of each compiler with each language feature. Consequently, we have selected a demarcation point that is the most recent in time, so that the rules and recommendations defined by the standard will be applicable for as long as possible. As a result of the variations in support, source-code portability is enhanced when the programmer uses only the features specified by C90. This is one of many trade-offs between security and portability inherent to C language programming.
The value of forward-looking information increases with time before it starts to decrease. The value of backward-looking information starts to decrease immediately.
...