RE: .Net Satisfies Security Compliance Satistactions or Not ???



I don't know what security standards the original poster is talking about
either, but as for problems in regards to security, how about this?
http://www.owasp.org/index.php/Microsoft%27s_%27Full_Trust_ASP.NET_in_IIS_6.0_is_Insecure_by_Design%2C_by_Default_and_in_Deployment%27_Internal_White_Paper



-----Original Message-----
From: Rocky [mailto:rocky.he@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, July 27, 2006 5:01 PM
To: shyaam@xxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: .Net Satisfies Security Compliance Satistactions
or Not ???

Hi,
Well, aside from the fact that your post is obviously Anti
Microsoft despite your claim....

Actually the .NET Framework is quite secure. Don't confuse
developers writing insecure applications with .NET to mean
that .NET isn't secure. SANS is known for being very selective
in its fact reporting, which most places are so I'm not
singling them out.

Can you give any specific examples of where .NET itself is not
adhering to the standards you mentioned so we can address them?

.NET actually enables less experienced developers to write far
more secure code than if they were writing in pure C++. It
offers experienced developers a way to write powerful and
secure applications with far less code than it would take to
write the equivalent secure code in C/C++ and in some cases Java.

I think perhaps you may have been misled, although I am very
curious to see what standards .NET is reportedly not up to
scratch with. I'm pretty familiar with a lot of them. The few
that do exist aren't standards but guidelines. I happen to
know that Microsoft is working with several other
organizations to create some secure coding standards as well.

RH

