Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Unclassified NSA document on .NET 2.0 Framework Security

From: mlyman-cissp at comcast.net (Mike Lyman)
Date: Mon, 24 Nov 2008 11:31:09 -0600
Dinis Cruz wrote:

Don't get me wrong, this is a great document if one is interested in
writing applications that use CAS (Code Access Security), I would love
for this to be widely used.


When we recommended recommending CAS during a review of the U.S. Defense
Information System Agency's new Application Security and Development
Security Technical Implementation Guide earlier this year we were met
with what amounted to blank stares. (At least it seemed like that since
it was a phone conference.) Some on the call understood it and agreed
with the recommendation but those hosting the call and doing the writing
didn't seem to grasp it. It may be a while before we see too many
adopting this or requiring it for a while.
-- 

Mike Lyman
mlyman at west-point.org
Previous By Date Next
Previous By Thread Next

Current thread: