Darrell Norton's Blog [MVP]

 Two good CAS-related blog posts:

• Greg Fee posts in a Brumme-like manner on security demand evaluation.  Greg's blog is about .NET security exclusively, and he's already got some good posts on security speed and network shares.
• Ivan Medvedev posts on writing managed code for semi-trusted environment.  Ivan provides a detailed discussion and some sample code for download, too.

Code Access Security is, in my opinion, an underrated .NET feature.  I don't know if it is the firewall fallacy or that developers have just become used to developing with admin privileges (ha! fooled you with that link!).  I have tried, in a security-conscious way, to move my web applications to a semi-trusted security model.  Since I use SQL Server and a separate dll for data, it's not too bad.  But I realize that users of other databases have more issues, and certain requirements dictate less stringent security needs.

As a side note (or maybe I'm just late to the party), but finally there is an OPML file for GotDotNet blogs.