How can I provide links to something I say doesn't exist? :-) There are lots of guidelines out there, and there are even some relatively well agreed-upon sets of them (Common Criteria "standards", etc.), but there is not a specific single set of specifications that serves as a worldwide standard. That's why I wondered to which "standards" the OP was referring.
Laura > -----Original Message----- > From: Trevor Seward [mailto:[EMAIL PROTECTED] > Sent: Saturday, July 29, 2006 7:54 PM > To: [EMAIL PROTECTED]; [email protected] > Subject: Re: .Net Satisfies Security Compliance Satistactions > or Not ??? > > Laura, not disputing your claim, but can you provide links > regarding #3? > > Thanks! > Trevor > > > On 7/27/06 10:01 AM, "Laura A. Robinson" > <[EMAIL PROTECTED]> wrote: > > > 1. If it's not "any feud against M$", you might want to > consider not > > referring to Microsoft as "M$". > > > > 2. No offense to SANS, but even as recently as last week, > I've heard > > things they've told people about MS software that were last true in > > 1996. I don't know if it's an endemic thing in SANS, or if > they just > > have one or two woefully uninformed people presenting for them, but > > they have propagated some complete bulls**t presented as fact and > > people unfortunately sometimes just swallow it up rather than > > verifying for themselves whether the statements are accurate. > > > > 3. To whose "Security compliance standards" do you refer, exactly? > > There is not a single set of standards out there for > anything computer > > security related. > > > > 4. To what "vulnerable features" do you refer? > > > > I'm sorry, but your post almost reads like a troll because > you don't > > list a single specific question, just throw out some FUD > about the .NET framework. > > If you have some actual questions, please, do ask them and you'll > > undoubtedly get some well-informed responses. But what > you've written > > below is unanswerable because it doesn't actually ask any > real questions. > > > > Laura > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > >> Sent: Thursday, July 27, 2006 9:53 AM > >> To: [email protected] > >> Subject: .Net Satisfies Security Compliance Satistactions > or Not ??? > >> > >> Hey group, > >> > >> I attended the SANS conference for .Net security session. > >> Based on some lecture's and based on my search findings at > internet > >> search engines, I wanted to ask if .NET cannot comply to > the Security > >> compliance standards at all. Various issues involved with the > >> vulnerable features of .Net framework scares the hell out of the > >> Security Developers around the world, who are involved with .Net > >> framework. Did any security group consider making any updates and > >> releasing it to M$, has anyone contacted them yet, any progress on > >> fixing these issues and bringing it into compliance. > >> > >> > >> Sorry if that involved a lot of questions in a single email > >> :-) Was just curious to know what is going around. > >> > >> > >> Shyaam > >> > >> > >> PS: this is not any feud against M$ and I am just trying to learn > >> more about this. Please dont respond to this email thinking that I > >> belong to some anti-M$ gang, I am requesting as it has happened > >> before. I need more input and hence I am posting in this group. > >> > >> -------------------------------------------------------------- > >> ------------- > >> -------------------------------------------------------------- > >> ------------- > >> > > > > > > > ---------------------------------------------------------------------- > > ----- > > > ---------------------------------------------------------------------- > > ----- > > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
