I apologize, I meant #2...the SANS comment.
Thanks!
Trevor
On 7/29/06 11:33 PM, "Laura A. Robinson" <larobins@bellatlantic.net> wrote:
How can I provide links to something I say doesn't exist? :-)
There are lots of guidelines out there, and there are even some relatively
well agreed-upon sets of them (Common Criteria "standards", etc.), but there
is not a specific single set of specifications that serves as a worldwide
standard. That's why I wondered to which "standards" the OP was referring.
Laura
-----Original Message-----
From: Trevor Seward [mailto:trevor@rottdog.com]
Sent: Saturday, July 29, 2006 7:54 PM
To: larobins@bellatlantic.net; focus-ms@securityfocus.com
Subject: Re: .Net Satisfies Security Compliance Satistactions
or Not ???
Laura, not disputing your claim, but can you provide links
regarding #3?
Thanks!
Trevor
On 7/27/06 10:01 AM, "Laura A. Robinson"
<larobins@bellatlantic.net> wrote:
1. If it's not "any feud against M$", you might want to
consider not
referring to Microsoft as "M$".
2. No offense to SANS, but even as recently as last week,
I've heard
things they've told people about MS software that were last true in
1996. I don't know if it's an endemic thing in SANS, or if
they just
have one or two woefully uninformed people presenting for them, but
they have propagated some complete bulls**t presented as fact and
people unfortunately sometimes just swallow it up rather than
verifying for themselves whether the statements are accurate.
3. To whose "Security compliance standards" do you refer, exactly?
There is not a single set of standards out there for
anything computer
security related.
4. To what "vulnerable features" do you refer?
I'm sorry, but your post almost reads like a troll because
you don't
list a single specific question, just throw out some FUD
about the .NET framework.
If you have some actual questions, please, do ask them and you'll
undoubtedly get some well-informed responses. But what
you've written
below is unanswerable because it doesn't actually ask any
real questions.
Laura
-----Original Message-----
From: shyaam@gmail.com [mailto:shyaam@gmail.com]
Sent: Thursday, July 27, 2006 9:53 AM
To: focus-ms@securityfocus.com
Subject: .Net Satisfies Security Compliance Satistactions
or Not ???
Hey group,
I attended the SANS conference for .Net security session.
Based on some lecture's and based on my search findings at
internet
search engines, I wanted to ask if .NET cannot comply to
the Security
compliance standards at all. Various issues involved with the
vulnerable features of .Net framework scares the hell out of the
Security Developers around the world, who are involved with .Net
framework. Did any security group consider making any updates and
releasing it to M$, has anyone contacted them yet, any progress on
fixing these issues and bringing it into compliance.
Sorry if that involved a lot of questions in a single email
:-) Was just curious to know what is going around.
Shyaam
PS: this is not any feud against M$ and I am just trying to learn
more about this. Please dont respond to this email thinking that I
belong to some anti-M$ gang, I am requesting as it has happened
before. I need more input and hence I am posting in this group.
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
----------------------------------------------------------------------
-----
----------------------------------------------------------------------
-----
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
