Showing results for Security - .NET Blog

OpenSSF Scorecard is a tool developed by the Open Source Security Foundation (OpenSSF) that provides automated security assessments for open-source projects. The primary goal of the Scorecard project is to help developers and users determine the security posture of open-source software by generating a score based on a series of security-related che...

Starting with .NET 9, we no longer include an implementation of BinaryFormatter in the runtime. This post covers what options you have to move forward.

Introduction In November 2023 (NuGet 6.8, Visual Studio 17.8, .NET SDK 8.0.100), we released NuGet Audit. NuGet Audit provides warnings during restore when a package with a known vulnerability is used by a project. More information about NuGet Audit, including detailed configuration options can be found on our learn website. New features are still...

Despite significant technological progress in addressing complex security threats, the key to preventing the next attack lies in adhering to fundamental security principles. It's essential to ensure the software ecosystem is secure, focusing on protecting .NET developers who design, build, and maintain the critical software we all use. As the home...

November 2023 Security and Quality Rollup Updates for .NET Framework

An introduction to identity in .NET 8 with code examples to secure APIs, generate a Blazor-based UI and integrate authentication into Blazor WebAssembly apps.

Mistakes were made When we first published the plan for the effort of HTTPS everywhere, we wanted to get developer community feedback on the various HTTP and HTTPS scenarios that we don't have much everyday visibility of. After we published that blog, we heard you loud and clear that there was a gap. This plan needed a clear way to suppress the ev...

Azure Active Directory (Azure AD) is being renamed as part of unification with the expanded Microsoft Entra identity and network access product family. This is a name change only and does not require any direct action from .NET developers.

Learn how to run .NET containers in Kubernetes as a non-root user.

Learn about patterns for securing your containers with a non-root user, and changes to .NET container images in .NET 8 to enable this behavior.