Secure Coding mailing list archives
Unclassified NSA document on .NET 2.0 Framework Security
From: ljknews at mac.com (ljknews)
Date: Tue, 25 Nov 2008 17:44:14 -0400
At 10:57 AM -0800 11/25/08, Andy Steingruebl wrote:
On Tue, Nov 25, 2008 at 9:48 AM, Gunnar Peterson <<mailto:gunnar at arctecgroup.net>gunnar at arctecgroup.net> wrote: but actually the main point of my post and the one i would like to hear people's thoughts on - is to say that attempting to apply principle of least privilege in the real world often leads to drilling dry wells. i am not blaming any group in particular i am saying i think it is in the "too hard" pile for now and we as software security people should not be advocating for it until or unless we can find cost effective ways to implement it.
Certainly it is not a dry well. For the operating system I deal with, application programmers _consistently_ ignore the facility provided for fine-grained access to files and leave users with coarse-grained access as their only recourse. Of course I am not talking about .NET 2.0, as others have not restricted their comments to that either. -- Larry Kilgallen
Current thread:
- Unclassified NSA document on .NET 2.0 Framework Security, (continued)
- Unclassified NSA document on .NET 2.0 Framework Security Gunnar Peterson (Nov 25)
- Message not available
- Unclassified NSA document on .NET 2.0 Framework Security Gunnar Peterson (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security Stephen Craig Evans (Nov 26)
- Regional differences in software security Gary McGraw (Nov 26)
- Regional differences in software security Kenneth Van Wyk (Nov 26)
- Regional differences in software security Stephen Craig Evans (Nov 26)
- Unclassified NSA document on .NET 2.0 Framework Security Susan Bradley (Nov 26)
- Unclassified NSA document on .NET 2.0 Framework Security Jerry Leichter (Nov 26)
- Unclassified NSA document on .NET 2.0 Framework Security Stephen Craig Evans (Nov 26)
- Unclassified NSA document on .NET 2.0 Framework Security Andy Steingruebl (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security ljknews (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security Shea, Brian A (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security Susan Bradley, CPA (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security Dana Epp (Nov 25)