Security and prescriptive guidance for developers

Microsoft publishes a very interesting resource that many developers are unaware of, which we call Patterns and Practices. These are Microsoft's recommendations for how to design, develop, deploy, and operate architecturally sound applications.

Patterns & practices contain deep technical guidance and tested source code based on real-world experience. The technical guidance is created, reviewed, and approved by Microsoft architects, product teams, consultants, product support engineers, and by Microsoft partners and customers. The result is a thoroughly engineered and tested set of recommendations that you can follow with confidence when building your applications. You can find them here

We know security is one of the hottest topics for developers. For the last few years, Microsoft has embarked on a quest called Trustworthy Computing, which is a long-term effort to provide more secure, private, and reliable computing experiences for everyone. As part of this initiative, the Security Development Lifecycle (SDL) is a process that Microsoft has adopted for the development of software that needs to withstand malicious attack.

All the software we create must go through this process. This is the first step, to make sure Windows, IE, Visual Studio and our own software is secure. As you probably know, we have also been working on fighting malware with efforts like AntiSpyware and OneCare.

But we find it equally important to help developers build secure applications. After all, a system is as secure as its weakest link. Rick Samona, our developer security guy, works with a team of people to create the MSDN Security Developer Center – an important resource every developer should look at.

The site has a lot of information (on the left nav) to help you understand security and lots of free resources (webcasts, articles, downloads) to help you write secure code, as well as a Spot the Bug challenge. Bookmark the site!