I attended two Birds of a Feather sessions, which are informal sessions where the (generally small) audience is expected to participate in the discussion.

I started at Keith Brown’s “Writing Secure Code” session, but it ended up focusing on server security, which really isn’t relevant to what I do. So I switched to John Moody’s “Help! I Have to Manage Programmers!”, which was packed to the gills. Clearly this topic resonated with people, and there were lots of strong opinions in the audience. Much of the discussion was about task estimation. One interesting idea was to allow experienced programmers to estimate longer tasks, but require newer programmers to estimate shorter tasks.

For the next session, I returned to Keith Brown for “Writing Partially Trusted Code,” which was much more interesting to me than his first session, as it stayed more focused on client applications. I actually learned some things about .NET code access security, the most important of which was about assembly-level security attributes. Even though FxCop wants me to declare security attributes on my assemblies, the experts at the session insisted that it is often best to simply ignore that rule. That’s great, because I still don’t understand how I would use them.