Hi,
Well, aside from the fact that your post is obviously Anti Microsoft despite
your claim....
Actually the .NET Framework is quite secure. Don't confuse developers
writing insecure applications with .NET to mean that .NET isn't secure. SANS
is known for being very selective in it's fact reporting, which most places
are so I'm not singling them out.
Can you give any specific examples of where .NET itself is not adhering to
the standards you mentioned so we can address them?
.NET actually enables less experienced developers to write far more secure
code than if they were writing in pure C++. It offers experienced
developers a way to write powerful and secure applications with far less
code that it would take to write the equivalent secure code in C/C++ and in
some cases Java.
I think perhaps you may have been mislead, although I am very curious to see
what standards .NET is reportedly not up to scratch with. I'm pretty
familiar with a lot of them. The few that do exist aren't standards but
guidelines. I happen to know that Microsoft is working with several other
organizations to create some secure coding standards as well.
RH
-----Original Message-----
From: shyaam@gmail.com [mailto:shyaam@gmail.com]
Sent: Thursday, July 27, 2006 9:53 AM
To: focus-ms@securityfocus.com
Subject: .Net Satisfies Security Compliance Satistactions or Not ???
Hey group,
I attended the SANS conference for .Net security session. Based on some
lecture's and based on my search findings at internet search engines, I
wanted to ask if .NET cannot comply to the Security compliance standards at
all. Various issues involved with the vulnerable features of .Net framework
scares the hell out of the Security Developers around the world, who are
involved with .Net framework. Did any security group consider making any
updates and releasing it to M$, has anyone contacted them yet, any progress
on fixing these issues and bringing it into compliance.
Sorry if that involved a lot of questions in a single email :-) Was just
curious to know what is going around.
Shyaam
PS: this is not any feud against M$ and I am just trying to learn more about
this. Please dont respond to this email thinking that I belong to some
anti-M$ gang, I am requesting as it has happened before. I need more input
and hence I am posting in this group.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
