[SC-L] Unclassified NSA document on .NET 2.0 Framework Security
Mike Lyman
mlyman-cissp at comcast.net
Mon Nov 24 12:31:09 EST 2008
Dinis Cruz wrote:
> Don't get me wrong, this is a great document if one is interested in
> writing applications that use CAS (Code Access Security), I would love
> for this to be widely used.
When we recommended recommending CAS during a review of the U.S. Defense
Information System Agency's new Application Security and Development
Security Technical Implementation Guide earlier this year we were met
with what amounted to blank stares. (At least it seemed like that since
it was a phone conference.) Some on the call understood it and agreed
with the recommendation but those hosting the call and doing the writing
didn't seem to grasp it. It may be a while before we see too many
adopting this or requiring it for a while.
--
Mike Lyman
mlyman at west-point.org
More information about the SC-L
mailing list