[…] We are announcing the .NET Security Group, a group of organizations that will collaborate on delivering security fixes to the broadest set of .NET users, simultaneously with Microsoft. We’re all better served by getting more deployments patched, quickly and predictably.
We’re believers in the concept of upstream open source projects. That includes sharing vulnerability information with other organizations that distribute .NET. We’ve done that with a small set of companies since 2016, starting with Red Hat. Members receive source patches prior to public disclosure so that binary packages can be built, validated, and published at the same time as Microsoft. Membership of this group has been private, by invitation only, and grew to include Canonical, IBM, Red Hat, and Microsoft. That’s how the .NET Security Group started.
We are expanding the program to enable organizations that ship their own distribution of .NET to have the same ability to better protect their users. By sharing information about vulnerabilities with trusted partners early, we hope to reduce the time between public disclosure of CVEs and when updates are available for distributions other than Microsoft’s. We believe this will help strengthen the security of the .NET ecosystem.
[…] Several Linux distributions do this, as do independent software vendors (across both Windows and Linux). In fact, we worked in collaboration with these same organizations to reduce the cost of building .NET, resulting in the dotnet/dotnet repo. We want it to be straightforward and low-cost to distribute security fixes to users.
More recently, other organizations came to us asking if they could get access to patches for their End-of-Life servicing businesses. These requests made us realize that it was time to publicize the .NET Security Group and better define its goals. Program members need to be active participants in the .NET upstream project and publish builds for supported .NET versions. Doing that demonstrates a strong commitment to the ecosystem and earns credibility with all participants.