Поделиться через


Security is a Process and not a Product

Over and over I hear developers asking for a product that will secure their code.  Unfortunately, there is no product, or at least that I know of, that can analyze a thousand or tens of thousand lines of code, find every possible security vulnerability and rewrite the developer code hoping that no business rule were invalidated.  This sounds like a silver bullet to me.  Personally, I do not believe a silver bullet exist in either IT or Security. They only exist in the old Western movies with John Wayne and Clint Eastwood.

Therefore, Security has to begin with a process and part of that process is to use to tools as an assistant to find vulnerabilities.  Therefore, with the upcoming release of Visual Studio.Net 2005 we have integrated tools right into the UI to help with the Security process.  Many of the tools that are discussed in the Article "New Security Features in Visual Studio.Net 2005, previously, had to be installed separately and run at the command prompt, but not anymore.

https://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnvs05/html/vs05security.asp