This came out some time ago and I had noted this on my old weblog, but I wanted to book mark it here on my new weblog... So here it is again:

The digital security consulting firm @stake announced on June 3, 2003, the results of an independent Security Analysis of the .NET Framework and the J2EE Framework represented by IBM WebSphere running on both Unix and Linux environments.

They are pretty up front in saying that while the analysis was funded by Microsoft, it was performed with no assistance from any of the vendors involved.

The results of the analysis are:

• Both platforms provide infrastructure and effective tools for creating and deploying secure applications
• The .NET Framework 1.1 running on Windows Server 2003 scored slightly better with respect to conformance to security best practices
• The Microsoft solution scored even higher with respect to the ease with which developers and administrators can implement secure solutions

More information here:

• Press Release and Research Abstract
• Security Evaluation Results