RE: .Net Satisfies Security Compliance Satistactions or Not ???



I don't know what security standards the original poster is talking about
either, but as for problems in regards to security, how about this?
http://www.owasp.org/index.php/Microsoft%27s_%27Full_Trust_ASP.NET_in_IIS_6.
0_is_Insecure_by_Design%2C_by_Default_and_in_Deployment%27_Internal_White_Pa
per



-----Original Message-----
From: Rocky [mailto:rocky.he@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, July 27, 2006 5:01 PM
To: shyaam@xxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: .Net Satisfies Security Compliance Satistactions
or Not ???

Hi,
Well, aside from the fact that your post is obviously Anti
Microsoft despite your claim....

Actually the .NET Framework is quite secure. Don't confuse
developers writing insecure applications with .NET to mean
that .NET isn't secure. SANS is known for being very selective
in it's fact reporting, which most places are so I'm not
singling them out.

Can you give any specific examples of where .NET itself is not
adhering to the standards you mentioned so we can address them?

.NET actually enables less experienced developers to write far
more secure code than if they were writing in pure C++. It
offers experienced developers a way to write powerful and
secure applications with far less code that it would take to
write the equivalent secure code in C/C++ and in some cases Java.

I think perhaps you may have been mislead, although I am very
curious to see what standards .NET is reportedly not up to
scratch with. I'm pretty familiar with a lot of them. The few
that do exist aren't standards but guidelines. I happen to
know that Microsoft is working with several other
organizations to create some secure coding standards as well.

RH


---------------------------------------------------------------------------
---------------------------------------------------------------------------