patterns & practices Security Guidance for .NET Framework 2.0
J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Kishore Gopalan just published gear security guidance for Microsoft .NET Framework 2.0 centered on the following themes:
- Security engineering. Security engineering represents the set of life-cycle activities that are proven to produce more secure software.
- Application scenarios. Application scenarios represent end-to-end guidance for building and deploying secure software in common user scenarios.
- Technical guidance. Technical guidance represents precise, context-specific guidance to solve particular engineering problems.
The project has adopted the following approach:
- Modular guidance. Successful guidance is modular, specific, and accessible. When you have a specific security problem, whether it involves process or technology, you should be able to quickly find guidance that precisely applies and gives you with the set of steps to solve the problem quickly.
- Tools integration. The MSF Agile process guidance that ships with Visual Studio 2005 Team System incorporates the patterns & practices security engineering practices.
- Validation. Industry leaders, experts, customers, and product groups and product support teams at Microsoft validate the guidance.
Check the full article here