Security Guidance for Applications

One of the biggest requests from our customers is for us to share what we have learnt and know about writing secure software with developers around the world.  Our Patterns and Practices team has done just that.  Here is the index to the security guidance. 

The Patterns and Practices team partnered with teams in the Developer Division, Microsoft internal security experts, customers and industry security experts to bring you security guidance for .NET Framework 2.0.  Microsoft customers can find the guidance under the patterns and practices brand, available for free on MSDN.  Here is the index to the .NET 2.0 Security Guidance.   

Previous customer feedback has told us that it is important for the security guidance to be easy to use, actionable, and tied in to the tools.  We’ve responded by creating modular guidance, with indexes and views that provide multiple entry points into it, each tuned to specific customer scenarios.  The Patterns and Practices security guidance is now integrated into MSF Agile/VS 2005.  Tight integration with the IDE helps to make security a seamless part of the development experience and serves to deliver our guidance directly to the developer’s desktop. 


We have received some great customer reaction and feedback to this guidance.  If you have other feedback on this, I would love to hear from you.





Comments (3)

  1. Alex Kazovic says:

    On an unrelated note (I just wanted you to know my feelings), I’ve just heard that Access 12 will still have JET as the default DB engine (although a revised version of JET) rather than SSE. I am incredibly disappointed about this! It’s a pain having to keep up to date with two similar but different technologies.

    I’m sure that the Office group will point out the differences between the two and the different users of the technology, but to me it seems a typical example of ‘not invented here’. (I.e. developing similar technology rather than using an existing one developed by someone else.)

    As I stated earlier, there are enough technologies that I need to keep up to date with without adding an unnecessary one!

  2. Advait says:

    Hi Som,

    I have been going through your blogs for some time now. I wanted to ask you a question. Is there a place on MSDN where there is a roadmap about the transition from .NET 1.1 to .NET 2.0?

    We (as a company) are all set up to transition to VSTS and I want to make sure I have, as an architect, covered all the grounds for all kinds of users in the SDLC.

  3. Somasegar says:


    I have forwarded your comments to the Office team and somebody from there will be getting in touch with you.

    – somasegar