Few weeks ago, I picked this document from one of my crazy mailing list subscriptions – Surprising to note an email, that featured an NSA UNCLASSIFIED document that digs deep into Security features of Microsoft .NET Framework ( versions 1.0, 1.1 and 2.0).  The document is a bit dated and it did’nt highlight the latest security features of .NET version 3.x or above.  The summary of the document is quite interesting… “Because the security configuration of the .NET Framework depends on the interplay between the operating system security settings, the operating environment of the host, and the nature of the software that is required or available for execution on the host, it does not lend itself …….“.

Microsoft .NET is not my forte, but the summary implied me that Microsoft .NET has to inherit the known weaknesses of Microsoft Windows OS  !   . I was also curious to know their suggestions to XML Web services security with .NET – it was absent in the document as it hardly touched on Web services.

It’s been a while I used a Windows machine 🙂  No offense, I may be wrong on my comments or need a bit more .NET education .  Overall, it is an impressive document with quite a lot of recommendations and best practices (for any budding developer) involved with securing .NET environment.

To read more on NSA’s recommendations to Microsoft .NET security, refer to: http://www.nsa.gov/snac/app/I731-008R-2006.pdf