I apologize, I meant #2...the SANS comment. Thanks! Trevor
On 7/29/06 11:33 PM, "Laura A. Robinson" <[EMAIL PROTECTED]> wrote: > How can I provide links to something I say doesn't exist? :-) > > There are lots of guidelines out there, and there are even some relatively > well agreed-upon sets of them (Common Criteria "standards", etc.), but there > is not a specific single set of specifications that serves as a worldwide > standard. That's why I wondered to which "standards" the OP was referring. > > Laura > >> -----Original Message----- >> From: Trevor Seward [mailto:[EMAIL PROTECTED] >> Sent: Saturday, July 29, 2006 7:54 PM >> To: [EMAIL PROTECTED]; [email protected] >> Subject: Re: .Net Satisfies Security Compliance Satistactions >> or Not ??? >> >> Laura, not disputing your claim, but can you provide links >> regarding #3? >> >> Thanks! >> Trevor >> >> >> On 7/27/06 10:01 AM, "Laura A. Robinson" >> <[EMAIL PROTECTED]> wrote: >> >>> 1. If it's not "any feud against M$", you might want to >> consider not >>> referring to Microsoft as "M$". >>> >>> 2. No offense to SANS, but even as recently as last week, >> I've heard >>> things they've told people about MS software that were last true in >>> 1996. I don't know if it's an endemic thing in SANS, or if >> they just >>> have one or two woefully uninformed people presenting for them, but >>> they have propagated some complete bulls**t presented as fact and >>> people unfortunately sometimes just swallow it up rather than >>> verifying for themselves whether the statements are accurate. >>> >>> 3. To whose "Security compliance standards" do you refer, exactly? >>> There is not a single set of standards out there for >> anything computer >>> security related. >>> >>> 4. To what "vulnerable features" do you refer? >>> >>> I'm sorry, but your post almost reads like a troll because >> you don't >>> list a single specific question, just throw out some FUD >> about the .NET framework. >>> If you have some actual questions, please, do ask them and you'll >>> undoubtedly get some well-informed responses. But what >> you've written >>> below is unanswerable because it doesn't actually ask any >> real questions. >>> >>> Laura >>> >>>> -----Original Message----- >>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >>>> Sent: Thursday, July 27, 2006 9:53 AM >>>> To: [email protected] >>>> Subject: .Net Satisfies Security Compliance Satistactions >> or Not ??? >>>> >>>> Hey group, >>>> >>>> I attended the SANS conference for .Net security session. >>>> Based on some lecture's and based on my search findings at >> internet >>>> search engines, I wanted to ask if .NET cannot comply to >> the Security >>>> compliance standards at all. Various issues involved with the >>>> vulnerable features of .Net framework scares the hell out of the >>>> Security Developers around the world, who are involved with .Net >>>> framework. Did any security group consider making any updates and >>>> releasing it to M$, has anyone contacted them yet, any progress on >>>> fixing these issues and bringing it into compliance. >>>> >>>> >>>> Sorry if that involved a lot of questions in a single email >>>> :-) Was just curious to know what is going around. >>>> >>>> >>>> Shyaam >>>> >>>> >>>> PS: this is not any feud against M$ and I am just trying to learn >>>> more about this. Please dont respond to this email thinking that I >>>> belong to some anti-M$ gang, I am requesting as it has happened >>>> before. I need more input and hence I am posting in this group. >>>> >>>> -------------------------------------------------------------- >>>> ------------- >>>> -------------------------------------------------------------- >>>> ------------- >>>> >>> >>> >>> >> ---------------------------------------------------------------------- >>> ----- >>> >> ---------------------------------------------------------------------- >>> ----- >>> >> > > > --------------------------------------------------------------------------- > --------------------------------------------------------------------------- > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
