Hi, Well, aside from the fact that your post is obviously Anti Microsoft despite your claim....
Actually the .NET Framework is quite secure. Don't confuse developers writing insecure applications with .NET to mean that .NET isn't secure. SANS is known for being very selective in it's fact reporting, which most places are so I'm not singling them out. Can you give any specific examples of where .NET itself is not adhering to the standards you mentioned so we can address them? .NET actually enables less experienced developers to write far more secure code than if they were writing in pure C++. It offers experienced developers a way to write powerful and secure applications with far less code that it would take to write the equivalent secure code in C/C++ and in some cases Java. I think perhaps you may have been mislead, although I am very curious to see what standards .NET is reportedly not up to scratch with. I'm pretty familiar with a lot of them. The few that do exist aren't standards but guidelines. I happen to know that Microsoft is working with several other organizations to create some secure coding standards as well. RH -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, July 27, 2006 9:53 AM To: [email protected] Subject: .Net Satisfies Security Compliance Satistactions or Not ??? Hey group, I attended the SANS conference for .Net security session. Based on some lecture's and based on my search findings at internet search engines, I wanted to ask if .NET cannot comply to the Security compliance standards at all. Various issues involved with the vulnerable features of .Net framework scares the hell out of the Security Developers around the world, who are involved with .Net framework. Did any security group consider making any updates and releasing it to M$, has anyone contacted them yet, any progress on fixing these issues and bringing it into compliance. Sorry if that involved a lot of questions in a single email :-) Was just curious to know what is going around. Shyaam PS: this is not any feud against M$ and I am just trying to learn more about this. Please dont respond to this email thinking that I belong to some anti-M$ gang, I am requesting as it has happened before. I need more input and hence I am posting in this group. --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
