Silverlight and Security Documentation

Recently, there was an article in EWeek about the various platforms for Rich Internet Application (RIA) development, including Silverlight. It was an interesting article but one thing I found a bit worrisome is the author’s conclusion that Adobe has put the most effort into security and documenting secure practices. I own the security node for the Silverlight documentation on MSDN, which means that although I don’t own the feature-specific security concerns, I am responsible for pulling all these pieces together in a coherent way. As part of this charter, for the Silverlight 4 release I created a security topic based largely on a security whitepaper written by Nick, a PM for Silverlight. I worked with Nick to create this topic and it was reviewed by the Silverlight security team.

One of the ways that I think this topic adds value above Nick’s whitepaper is the fact that I can link to relevant feature-based security information. Also, since this topic is published on MSDN, it’s localized into several languages. In a previous release, I created a topic that describes the coding model under which Silverlight was created, to shed some light on why we think Silverlight is secure.

I noticed that although Bing returns this topics fairly high in the stack when searching for Silverlight security, that is not the case with all search engines, so obviously there is a bit of a discovery issue here.

But assuming you can find these security topics, what other kinds of security guidance are you looking for, or is there another way we could present the information that you would find more useful?

Waiting for the deluge…

--Cheryl