Add 3rd party dependencies guidance (#33512)

* Add 3rd party dependencies guidance

Fixes #32861

The dotnet content team has applied a consistent set of rules regarding recommendations and dependencies in our content. What we haven’t done is state those rules publicly. That resulted in misunderstandings after we removed a previous recommendation. We want to resolve that by publishing the rules we use.

* lint issues

* Apply suggestions from code review

Co-authored-by: Genevieve Warren <24882762+gewarren@users.noreply.github.com>

Co-authored-by: Genevieve Warren <24882762+gewarren@users.noreply.github.com>

README.md

@@ -17,7 +17,7 @@ Issues and tasks for all but the API reference repository are tracked here. We h
 
 ## :purple_heart: Contribute
 
-We welcome contributions to help us improve and complete the .NET docs. This is a very large repo, covering a large area. If this is your first visit, see our [labels and projects roadmap](styleguide/labels-projects.md) for help navigating the issues and projects in this repository.
+We welcome contributions to help us improve and complete the .NET docs. This is a very large repo, covering a large area. If this is your first visit, see our [labels and projects roadmap](styleguide/labels-projects.md) for help navigating the issues and projects in this repository. If your contribution includes third-party dependencies, see our guidance on using [third-party dependencies](styleguide/3rdPartyDependencies.md).
 
 To contribute, see:
 

styleguide/3rdPartyDependencies.md

@@ -0,0 +1,10 @@
+# Third-party dependencies
+
+When code samples take dependencies, our goal is that readers can use the material without additional research. This requires restricting dependencies to licenses that are well established and understood for both open-source and commercial offerings. We categorize dependencies according to the licensing schemes here:
+
+- **Open-source** : Rely on the [Open Source Initiative (OSI)](https://opensource.org/) to provide definitions for us. Offerings must meet the [definition](https://opensource.org/osd) provided by OSI, including using an [OSI approved license](https://opensource.org/licenses). Any component whose license is not an OSI approved license is considered a commercial offering. Prefer OSS projects that are members of any of the [OSS foundations that Microsoft is part of](https://opensource.microsoft.com/ecosystem/). Prefer permissive licenses for libraries. GPL or similar licenses are allowed for tools, OSs, and similar components.
+- **Commercial**: Samples may take dependencies on commercial offerings if readers can learn from our content without unnecessary additional costs. Typically, this means a community edition or free trial sufficient for its use in content is available. A commercial license scheme may be a form of dual license or tiered license.
+- **Dual licensed**: Readers choose either of two licenses based on their needs. For example, if the offering has an OSS and commercial license, readers can choose between them.
+- **Tiered licensed**: Readers are expected to use the license tier that corresponds to their characteristics. For example, tiers may be available for students, hobbyists, or companies with defined revenue thresholds. For offerings with tiered licenses, we strive to limit our use in tutorials to the features available in the lowest tier. This enables the widest audience for the article. [Visual Studio](https://visualstudio.com) and [IdentityServer](https://www.identityserver.com/) are examples of this license type used in dotnet docs.
+
+In general, we prefer taking dependencies on licensed components in the order of the listed categories. In cases where the category may not be well known, we'll document the category so that readers understand the choice that they're making by using that dependency.