I don't know what security standards the original poster is talking about either, but as for problems in regards to security, how about this? http://www.owasp.org/index.php/Microsoft%27s_%27Full_Trust_ASP.NET_in_IIS_6. 0_is_Insecure_by_Design%2C_by_Default_and_in_Deployment%27_Internal_White_Pa per
>-----Original Message----- >From: Rocky [mailto:[EMAIL PROTECTED] >Sent: Thursday, July 27, 2006 5:01 PM >To: [EMAIL PROTECTED]; [email protected] >Subject: RE: .Net Satisfies Security Compliance Satistactions >or Not ??? > >Hi, >Well, aside from the fact that your post is obviously Anti >Microsoft despite your claim.... > >Actually the .NET Framework is quite secure. Don't confuse >developers writing insecure applications with .NET to mean >that .NET isn't secure. SANS is known for being very selective >in it's fact reporting, which most places are so I'm not >singling them out. > >Can you give any specific examples of where .NET itself is not >adhering to the standards you mentioned so we can address them? > >.NET actually enables less experienced developers to write far >more secure code than if they were writing in pure C++. It >offers experienced developers a way to write powerful and >secure applications with far less code that it would take to >write the equivalent secure code in C/C++ and in some cases Java. > >I think perhaps you may have been mislead, although I am very >curious to see what standards .NET is reportedly not up to >scratch with. I'm pretty familiar with a lot of them. The few >that do exist aren't standards but guidelines. I happen to >know that Microsoft is working with several other >organizations to create some secure coding standards as well. > >RH --------------------------------------------------------------------------- ---------------------------------------------------------------------------
