On Fri, 2005-02-04 at 09:44 +0100, Philip Wagenaar wrote:
> Hi Daniel,
>
> As you know C#,VB.NET and Cobolt.NET etc etc all compile into the Common Runtime Language.
>
> I am not aware of any big weaknesses in the CLR, but I would search for papers on the CLR instead of a specific .Net Language.
Daniel,
I'd like to see any papers that you come up with on the CLR, please post
anything interesting you find to the list and/or to me privately, I
haven't seen anything on that front myself and would be interested in
it.
As for the .NET framework itself the only problems in it as far as MS
are concerned are:
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx
and
http://www.microsoft.com/technet/security/Bulletin/MS02-026.mspx
There is also one upcoming in the next monthly advisory bundle
http://www.microsoft.com/technet/security/bulletin/summary.mspx#EOAA
(The link to the February list is on that page but I didn't want to link
directly to it, to ensure the link was still useful when this email is
archived, as the advance notice page changes monthly and there won't be
a permanent link until the advisories are released :-)
--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
> Hi Daniel,
>
> As you know C#,VB.NET and Cobolt.NET etc etc all compile into the Common Runtime Language.
>
> I am not aware of any big weaknesses in the CLR, but I would search for papers on the CLR instead of a specific .Net Language.
Daniel,
I'd like to see any papers that you come up with on the CLR, please post
anything interesting you find to the list and/or to me privately, I
haven't seen anything on that front myself and would be interested in
it.
As for the .NET framework itself the only problems in it as far as MS
are concerned are:
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx
and
http://www.microsoft.com/technet/security/Bulletin/MS02-026.mspx
There is also one upcoming in the next monthly advisory bundle
http://www.microsoft.com/technet/security/bulletin/summary.mspx#EOAA
(The link to the February list is on that page but I didn't want to link
directly to it, to ensure the link was still useful when this email is
archived, as the advance notice page changes monthly and there won't be
a permanent link until the advisories are released :-)
--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
[ reply ]