Announcing the .NET Security Group
Jamshed Damkewala details the launch of the .NET Security Group, where organizations can work directly with Microsoft to distribute .NET security patches and receive early CVE information.
Author: Jamshed Damkewala
Introduction
Microsoft’s .NET platform powers diverse workloads across critical sectors, making timely and reliable security updates a necessity. The .NET Security Group is a new initiative designed to strengthen ecosystem security by collaborating with trusted organizations and partners.
What is the .NET Security Group?
The .NET Security Group consists of organizations that distribute their own versions of .NET. Members receive early (pre-public) access to vulnerability information and source patches. This coordination enables binary packages and patches to be released simultaneously by Microsoft and trusted partners, benefitting the entire .NET community.
- Security updates for .NET are published on a regular monthly schedule (Patch Tuesday).
- Trusted partners, such as Red Hat, Canonical, and IBM, have participated since 2016, allowing for more secure and synchronized patching.
Why Expand the Group?
The .NET ecosystem includes many third-party distributions. By expanding the group, Microsoft aims to:
- Reduce the time lag between vulnerability disclosure and patched distributions reaching end users
- Make it easier, faster, and more reliable for all .NET users to receive security fixes
- Strengthen secure-by-default frameworks for the global .NET community
How to Join
Organizations interested in joining must:
- Complete an application form.
- Undergo a vetting process to confirm authenticity and compliance with security standards and legal requirements. Vetting includes annual re-evaluation.
- Receive approval and sign a program agreement, as well as an NDA if necessary.
- Complete onboarding to begin receiving early security information.
After joining, members will get pre-release information about CVEs in supported .NET versions about a week before public disclosure.
Conclusion
For organizations distributing .NET, early access to vulnerability details helps streamline patch delivery and enhances security for all users. Apply to join via the .NET Security Group Application.
This post appeared first on “Microsoft .NET Blog”.