Best practices for signing assemblies with multiple projects and developers

Question

I’m looking for recommendations and best practices for applying signed assemblies in an organization with 30+ developers, 20+ solutions and 60+ projects. We’re using Visual Stud

Answer 1

We currently use the same strong key (.SNK) for every project in our solution. Depending on your project is how you manage to different keys for every project.

If you want higher security I suppose you could recreate the key for every project, but it's going to be a nightmare to manage. Remember that at the end of the day, the SNK just shows that the code comes from your company, and prevents the assemblies from being altered, it's not a huge in-house security feature.

For that, you should limit your source control and look at using a build server etc. if you don't trust/don't want the developers to build code.