It might be worth adding a rule which checks for the System.Security.Cryptography namespace use of MD5 and weaker, and maybe SHA1 hashes (HashAlgorithm), and DES, TripleDES and weaker encryption (SymmetricAlgorithm), with a recommendation to use SHA256, or higher, and Rijndael [AES] instead.
See the following article, which apparently reports on Microsoft internal guidelines.
http://www.eweek.com/article2/0,1759,1859751,00.asp
Of course, this rule would be best for new systems, where you get to choose the encryption level. The doco should have a clear exclusion point -- where you need to interoperate with an existing security system.
Suggestion: add rule/warning for use of weak security algorithms?
Hot Topic
- Test Manager Appears Empty
- GetLatest "Force" option in the object model?
- Dumb Question Dept - how do I "delete" a public build from the list?
- Adding users to [project]Contributors: Cannot access users/groups in domain
- Top VSTS+Agile intro resources
- TF30321: The name you typed is already used for another team project
- <AspNetDevelopmentServer> Question
- Internal Error! Failed to acquite a ReaderLock
- Aborting in a load test plug in.
- Unable to add existing unit tests to a solution
VS Team System
- Connecting to Team foundation server
- Problem with Sharepoint
- fxcop
- How to move the $root repository to other driver (or location)??
- Merge and branch in various versions of a software in clients but similar in structure
- Why ImplementedInterfaceMethods is null
- Team Explorer doesn't support filenames with characters [ or ].
- REFRESH files and TFS
- Initialization for plugin "Microsoft.Pcw.currituck" failed with problem on the server
- Activity: Cost a Development Task
Suggestion: add rule/warning for use of weak security algorithms?
troptommy