[Owasp-dotnet] Comparing Java and .NET Security
Dinis Cruz
dinis at ddplus.net
Sun Oct 2 10:43:05 EDT 2005
this doesn't look right to me: http://blogs.msdn.com/shawnfa/archive/2005/08/17/452760.aspx
Main report here:http://www.cs.virginia.edu/~nrp3d/papers/computers_and_security-net-java.pdf
For example, were are the Full Trust stuff that I have been talking for the last two years (oh yes they are not vulnerabilites because they work by 'design'.
This is a clear example of the benefits that Microsoft has in NOT accepting vulnerabilties when there is NO public exploitation (exploit code) and public pressure.
What would be an interresting research would be to look that the JVM vulnerabilities and do a mapping to .NET of them (note that I haven't read the http://www.cs.virginia.edu/~nrp3d/papers/computers_and_security-net-java.pdf
report)
I will try to look at this when I work on my 'Rooting the CLR' presentation for the Owasp Washington conference
Dinis Cruz
Owasp .Net project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-dotnet/attachments/20051002/0cc8b4e0/attachment.html
More information about the Owasp-dotnet
mailing list