Joe Mamma Posted July 17, 2004 Posted July 17, 2004 (edited) I just got terrible news from our client's client: You see, we are working for a company that has an document control app that manages clearances and personel access for defense contractors implementing the NISPOM requirements set down by the US DoD. We are working on moving this app, which is run in heavily secure areas, to .NET from VB6 to the .NET framework in order to lots of things you simply can't do in VB6. Well, we just found out, after 4 months of development, that .NET is not NSA accredited. Its not our fault, we were contracted to do .NET. But man, what a huge set back. So keep this in mind. If you are developing apps that will be running in public sector secure areas, or that will be used by companies that adhere to NSA accredidation, .NET is not the way to go right now. Timeline you ask? well, Win 2000 didn't get accredited until last year, what, four years after its release??? NT 4 was never accredited in its lifetime??? .NET 1.1 is only a little over a year old? We might be going all Sun Java now. christ, this sucks!!! Edited July 18, 2004 by Volte Quote Joe Mamma Amendment 4: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Amendment 9: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Moderators Robby Posted July 18, 2004 Moderators Posted July 18, 2004 I don't understand how they can issue a mandate without checking on something so fundamental. But, I'm sure that some of the big-wigs there can talk with the NSA to speed things along. (Not likely but it's worth a try) Quote Visit...Bassic Software
*Gurus* divil Posted July 20, 2004 *Gurus* Posted July 20, 2004 That sucks, what a kick in the teeth. Quote MVP, Visual Developer - .NET Now you see why evil will always triumph - because good is dumb. My free .NET Windows Forms Controls and Articles
*Gurus* Derek Stone Posted July 20, 2004 *Gurus* Posted July 20, 2004 The fact that the NSA can't verify a platform that is 3+ years old, is pathetic. Quote Posting Guidelines
Leaders Banjo Posted July 21, 2004 Leaders Posted July 21, 2004 If you look at it the other way, MS are still finding security holes in Win2K even after 3 years. Quote Those who live by the sword get shot by those who don't!
*Gurus* Derek Stone Posted July 22, 2004 *Gurus* Posted July 22, 2004 ... and they're still finding holes in Unix, Linux, Mac OS, BSD, Windows CE/Mobile, Symbian... One hole is all you need. Security is about being proactive and reactive, not about being perfect. No system is invunerable. I'm curious as to why they're not recognizing the .NET platform however. Is it due to the platform itself (the base class libraries to be specific), the languages (this would make very little sense, if any at all), or Windows? I'm inclined to think the latter. Quote Posting Guidelines
Joe Mamma Posted July 23, 2004 Author Posted July 23, 2004 Living in DC, I really think it has to be due to the slooooowwww workings of the public sector. I doubt it has anything to do with 'tech-politics.' We are still trying to get clarification on this, too. It could be that it is approved only Navy (our client) hasn't approved it for in house. But our contact at Navy threw up the red flag when we were demo'ing our ASP.NET solutions. Quote Joe Mamma Amendment 4: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Amendment 9: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.