Core Security Technologies and Foundstone, Inc. Analyze Security Architecture of<br>Microsoft .NET Framework

Core Security Technologies and Foundstone, Inc. Analyze Security Architecture of
Microsoft .NET Framework

NEW YORK, NY - Nov. 26, 2001 - Core Security Technologies, a leading provider of state-of-the-art Information Security technology and Foundstone Inc., the premier provider of managed and professional security assessment services and education, today announced the results of their work with Microsoft to help examine the security of systems running Microsoft's .NET Framework, a platform for building, deploying, and running XML Web services and applications. CORE and Foundstone have been working on the .NET Framework for over a year, prior to the first beta release of the software, analyzing and assessing the architecture and code-level implementation of its security infrastructure.

The .NET Framework provides novel approaches to securing both client and server machines through its core security features: evidence- and role-based security, code access security, the verification process, cryptography, isolated storage, and application domains. Today, Core Security Technologies and Foundstone, published a white paper based on their work with Microsoft, explaining how these various security features work together to help both software developers and systems administrators in their efforts to write and run safe applications.

“The .NET Framework team has addressed security with the utmost priority,” said Joel Scambray, managing principle at Foundstone and technical lead for the .NET Framework security review. “Based on our own analysis and extended interactions with the .NET Framework architects at Microsoft, we believe it to be a great emerging platform for enterprise and Web applications, from a security perspective. We feel that application security will improve as the migration towards the .NET Framework continues.”

“We initially brought in Foundstone as part of our company-wide Secure Windows Initiative, to help us test the security features of the .NET Framework and architecture” said Tom Button, vice president of Developer Marketing and Enterprise Tools at Microsoft. “Foundstone and CORE have been a tremendous help throughout the review process.”

The analysis highlights a number of security benefits the .NET Framework provides developers and administrators, including granular security control over applications and resources and an easy-to-use toolset to implement powerful authentication, authorization and cryptographic routines. The .NET Framework eliminates many of the security risks facing applications today and relieves users from having to make critical security decisions based on whether or not to run an application and what resources that application should be able to access.

About Microsoft's .NET Framework
The .NET Framework is a platform for building, deploying, and running XML Web services and applications. It provides a highly productive, standards-based, multi-language environment for integrating existing investments with the next-generation applications and services as well as the agility to solve the challenges of deployment and operation of Internet-scale applications. Version 1 of the .NET Framework will be available by the end of the 2001. For more information, visit

About Core Security Technologies
Core Security Technologies is a leading provider of state-of-the-art Information Security technology for the major organizations in the banking & financial, government, telecommunications, media, and military sectors. CORE provides clients with comprehensive security solutions to assess risk and protect and manage their information assets.
CORE has provided critical security solutions and technology for Fortune 100 companies and over 20 information security software vendors. CORE's clients include BankBoston, PriceWaterhouseCoopers, KPMG, Ernst & Young, Siemens, Network Associates Inc., Foundstone Inc., Real Networks Inc.and several financial institutions in Latin America.
Over the last five years, CORE has established a global reputation and track record in the field of Information Security via its security advisories, academic papers and high-level consulting work with leading US and multi-national firms (including the development of software for security products that have become global industry standards).
The CORE team has evolved into a world-class organization with a proven track record in the Information Security market. Headquartered in New York, CORE has operations in the USA, Argentina and Brazil. CORE will revolutionize the market and provide the technology to lead Information Security into the future.

For more information, visit


All companies, brands names or products are trademarks or registered trademarks of their respective companies.

Mon, November 26