Microsoft is expanding the .NET Security Group, previously a private collaboration with Red Hat, Canonical, and IBM, to allow any organization distributing .NET to apply for membership. Members receive CVE information and source patches approximately one week before public disclosure, enabling them to release security updates simultaneously with Microsoft. The program requires vetting, signing agreements, and demonstrating active participation in the .NET upstream project by publishing builds for supported versions.
Sort: