RE: .Net Satisfies Security Compliance Satistactions or Not ???



Hi,
Well, aside from the fact that your post is obviously Anti Microsoft despite
your claim....

Actually the .NET Framework is quite secure. Don't confuse developers
writing insecure applications with .NET to mean that .NET isn't secure. SANS
is known for being very selective in it's fact reporting, which most places
are so I'm not singling them out.

Can you give any specific examples of where .NET itself is not adhering to
the standards you mentioned so we can address them?

.NET actually enables less experienced developers to write far more secure
code than if they were writing in pure C++. It offers experienced
developers a way to write powerful and secure applications with far less
code that it would take to write the equivalent secure code in C/C++ and in
some cases Java.

I think perhaps you may have been mislead, although I am very curious to see
what standards .NET is reportedly not up to scratch with. I'm pretty
familiar with a lot of them. The few that do exist aren't standards but
guidelines. I happen to know that Microsoft is working with several other
organizations to create some secure coding standards as well.

RH

-----Original Message-----
From: shyaam@xxxxxxxxx [mailto:shyaam@xxxxxxxxx]
Sent: Thursday, July 27, 2006 9:53 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: .Net Satisfies Security Compliance Satistactions or Not ???

Hey group,

I attended the SANS conference for .Net security session. Based on some
lecture's and based on my search findings at internet search engines, I
wanted to ask if .NET cannot comply to the Security compliance standards at
all. Various issues involved with the vulnerable features of .Net framework
scares the hell out of the Security Developers around the world, who are
involved with .Net framework. Did any security group consider making any
updates and releasing it to M$, has anyone contacted them yet, any progress
on fixing these issues and bringing it into compliance.


Sorry if that involved a lot of questions in a single email :-) Was just
curious to know what is going around.


Shyaam


PS: this is not any feud against M$ and I am just trying to learn more about
this. Please dont respond to this email thinking that I belong to some
anti-M$ gang, I am requesting as it has happened before. I need more input
and hence I am posting in this group.

---------------------------------------------------------------------------
---------------------------------------------------------------------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------



Relevant Pages

  • Why Easy To Use Software Is Putting You At Risk
    ... Anyone who has been working with computers for a long time will have noticed ... because DNS does not configure properly or security permissions are relaxed ... Is It Also Secure ... guarantee that no one really knows for sure, not even Microsoft developers. ...
    (Security-Basics)
  • RE: Why Easy To Use Software Is Putting You At Risk
    ... Can Easy To Use Software Also Be Secure ... Anyone who has been working with computers for a long time will have noticed ... because DNS does not configure properly or security permissions are relaxed ... guarantee that no one really knows for sure, not even Microsoft developers. ...
    (Security-Basics)
  • RE: Why Easy To Use Software Is Putting You At Risk
    ... So even if you do not want the piece of paper - education never hurts. ... Can Easy To Use Software Also Be Secure ... because DNS does not configure properly or security permissions are ... easier to work with then they use to is developers have created ...
    (Security-Basics)
  • Re: Why open source software is more secure
    ... and one of them is security. ... than giving an impression that their software can be made "secure enough" ... While the high quality of the software is a potential factor in making ... good as possible because the developers themselves typically use it -- ...
    (Security-Basics)
  • RE: Why Easy To Use Software Is Putting You At Risk
    ... Anyone who has been working with computers for a long time ... because DNS does not configure properly or security ... Is It Also Secure ... Microsoft developers. ...
    (Security-Basics)