Yikes!!!

[Joe Mamma]

I just got terrible news from our clients client:

You see, we are working for a company that has an document control app that manages clearances and personel access for defense contractors implementing the NISPOM requirements set down by the US DoD.

We are working on moving this app, which is run in heavily secure areas, to .NET from VB6 to the .NET framework in order to lots of things you simply cant do in VB6.

Well, we just found out, after 4 months of development, that .NET is not NSA accredited. Its not our fault, we were contracted to do .NET.

But man, what a huge set back.

So keep this in mind. If you are developing apps that will be running in public sector secure areas, or that will be used by companies that adhere to NSA accredidation, .NET is not the way to go right now.

Timeline you ask? well, Win 2000 didnt get accredited until last year, what, four years after its release??? NT 4 was never accredited in its lifetime???
.NET 1.1 is only a little over a year old?

We might be going all Sun Java now.

christ, this sucks!!!

 

[Robby]

I dont understand how they can issue a mandate without checking on something so fundamental.

But, Im sure that some of the big-wigs there can talk with the NSA to speed things along. (Not likely but its worth a try)

 

[Divil]

That sucks, what a kick in the teeth.

 

[Derek Stone]

The fact that the NSA cant verify a platform that is 3+ years old, is pathetic.

 

[Banjo]

If you look at it the other way, MS are still finding security holes in Win2K even after 3 years.

 

[Derek Stone]

... and theyre still finding holes in Unix, Linux, Mac OS, BSD, Windows CE/Mobile, Symbian...

One hole is all you need.

Security is about being proactive and reactive, not about being perfect. No system is invunerable.

Im curious as to why theyre not recognizing the .NET platform however. Is it due to the platform itself (the base class libraries to be specific), the languages (this would make very little sense, if any at all), or Windows? Im inclined to think the latter.

 

[Joe Mamma]

Living in DC, I really think it has to be due to the slooooowwww workings of the public sector.

I doubt it has anything to do with tech-politics.

We are still trying to get clarification on this, too. It could be that it is approved only Navy (our client) hasnt approved it for in house. But our contact at Navy threw up the red flag when we were demoing our ASP.NET solutions.