Software Engineering Institute

The primary goal of the workshop was to identify the situations under which ActiveX and related technologies may be used safely and to produce a paper describing security concerns and configuration guidance.

That goal was achieved, and the result of the workshop, this paper, serves not only to dispel unwarranted myths about the safety of using ActiveX but also to furnish guidance to network administrators and others faced with security issues involving mobile code in general and ActiveX in particular. ActiveX and similar mobile codes provide enhanced usability. The level of enhancement is significant enough for corporate and government users that Internet security policies and procedures should reflect “risk management” rather than “risk avoidance.”