The .NET Security Group
15 hours ago
- #.NET
- #Microsoft
- #Security
- Microsoft runs the .NET project and follows security reporting and disclosure practices, with fixes typically released on Patch Tuesday.
- The .NET Security Group is a collaboration of organizations working to deliver security fixes to a broad set of .NET users simultaneously with Microsoft.
- Members receive source patches before public disclosure to enable timely updates across distributions.
- The group, initially private and by invitation, included Canonical, IBM, Red Hat, and Microsoft.
- The program is expanding to include more organizations shipping their own .NET distributions to improve security across the ecosystem.
- Security is a core value for .NET, critical for industries like finance, healthcare, and government.
- Multiple organizations build and distribute .NET, including Linux distributions and independent software vendors.
- New members must complete an intake form, undergo vetting, and sign agreements, including an NDA if necessary.
- Approved members receive CVE information about a week before public disclosure each month.
- The goal is to strengthen the .NET ecosystem by ensuring timely and widespread security updates.