Foundstone Analyzes Security Architecture of Microsoft .NET Framework

Business Wire, Nov 26, 2001

Business Editors/High-Tech Writers

IRVINE, Calif.--(BUSINESS WIRE)--Nov. 26, 2001

Publishes Security Overview of .Net Framework Calling it a Robust

Platform for Enterprise and Web Application Security

Foundstone Inc., the premier provider of managed and professional security assessment services and education, today announced the results of its work with Microsoft to help examine the security of systems running Microsoft's .NET Framework, a platform for building, deploying, and running XML Web services and applications. Foundstone has been working on the .NET Framework for over a year, prior to the first beta release of the software, analyzing and assessing the architecture and code-level implementation of its security infrastructure.

The .NET Framework provides novel approaches to securing both client and server machines through its core security features: evidence- and role-based security, code access security, the verification process, cryptography, isolated storage, and application domains. Today, Foundstone and its security partner Core Security Technologies, published a white paper based on its work with Microsoft, explaining how these various security features work together to help both software developers and systems administrators in their efforts to write and run safe applications.

"The .NET Framework team has addressed security with the utmost priority," said Joel Scambray, managing principle at Foundstone and technical lead for the .NET Framework security review. "Based on our own analysis and extended interactions with the .NET Framework architects at Microsoft, we believe it to be a great emerging platform for enterprise and Web applications, from a security perspective. We feel that application security will improve as the migration towards the .NET Framework continues."

"We initially brought in Foundstone as part of our company-wide Secure Windows Initiative, to help us test the security features of the .NET Framework and architecture," said Tom Button, vice president of Developer Marketing and Enterprise Tools at Microsoft. "Foundstone has been a tremendous help throughout the review process."

Foundstone's analysis highlights a number of security benefits the .NET Framework provides developers and administrators, including granular security control over applications and resources and an easy-to-use toolset to implement powerful authentication, authorization and cryptographic routines. The .NET Framework eliminates many of the security risks facing applications today and relieves users from having to make critical security decisions based on whether or not to run an application and what resources that application should be able to access.

About Microsoft's .NET Framework

The .NET Framework is a platform for building, deploying, and running XML Web services and applications. It provides a highly productive, standards-based, multi-language environment for integrating existing investments with the next-generation applications and services as well as the agility to solve the challenges of deployment and operation of Internet-scale applications. Version 1 of the .NET Framework will be available by the end of the 2001. For more information, visit http://msdn.microsoft.com/net.> About Foundstone Product Testing Services

Foundstone provides independent technical security evaluations of software products and web services utilizing the assessment methodology made famous in the International best seller, Hacking Exposed: Network Security Secrets & Solutions. Foundstone determines the true security capabilities of a product from a hacker's perspective by leveraging their acclaimed Foundscan technology combined with a consulting based approach. Evaluations are performed in Foundstone's security testing lab or on-site working closely with the development team during the product development life cycle. For vendors, Foundstone will provide a completely private analysis of how a product stacks up against others in the market. Testing includes functionality verification, security weakness identification and technical security improvement recommendations.

To review the whitepaper, "Security in the Microsoft .NET Framework", visit http://www.foundstone.com/microsoft/dotnet.> About Foundstone

Foundstone, Inc. addresses the security and privacy needs of Global 2000 companies with its world-class Managed Security Services coupled with Professional Consulting and Education service offerings. Foundstone has one of the most dominant security talent pools ever assembled, including experts from Ernst & Young, KPMG, PricewaterhouseCoopers, "Black World" defense contractors, and the United States Air Force. Foundstone executives authored the international best seller "Hacking Exposed: Network Security Secrets & Solutions." Foundstone is headquartered in Irvine, California. For more information, visit www.foundstone.com or call 1-877-91-FOUND.

Note to Editors: Foundstone is a trademark of Foundstone, Inc. All other companies, brands names or products are trademarks or registered trademarks of their respective companies.