A system and method is provided for providing security to components or assemblies employed by application programs during runtime. Assemblies carry version information that can be used to enforce the versioning rules described by the application program. At runtime, version numbers requested by the application programs are compared with those version numbers of the assemblies that are actually found. In addition to comparing version numbers, the present invention offers a stricter form of version checking based on cryptographic hashes. An assembly is provided with module information that contains a list of the files that make up the assembly. Part of the information recorded about each module is a hash of the module's contents at the time the manifest was built. An assembly referencing another assembly computes the hash of the manifest of the referenced assembly. An assembly manifest may include dependency information, which is information about other assemblies that the assembly depends on or references. Part of the information stored as part of an assembly reference or manifest is a hash of the dependent assembly's manifest.