Secure code

I have been involved on a local focus group about writing secure code. Basically the idea is think about how Microsoft can help the developers in doing secure code, with a similar meaning as the book Writing Secure Code.
I would like to ear about what we are doing well and bad, what is more important (for instance, help in the design, construction or testing phase, samples, guides…), and, of course, what can we do for having more secure code developed on the .NET platform.

Comments (4)

  1. Jerry says:

    how about msdn ? often the code does not work (maybe this is already for security) how about showing one sample for the technical problem to solve, and another sample how to secure solve the problem,……

  2. Tim says:

    I think too often the examples, both online and in the various books/seminars, are too simplistic. So to start with I would assign a "level" to the samples (i.e. beginner, experience, advanced) and then have the appropriate level of complexity based upon the level. This way those people who already have the basics down don’t have to slog through five hundred pages of general info inorder to find that one gem they are really looking for.

  3. Since my post on Secure Code I have been searching for resources on Microsoft about writting secure code.