If the answer is Yes to the questions above then this post is for you. In this post I am going to show how to generate a Security Code Review Checklist using patterns & practices Guidance Explorer and Outlook 2007.
Note - Checklist documents can be generated without Outlook 2007 by only using the Guidance Explorer client that is freely available for download here. I am just a big fan of looking for new ways to utilize familiar tools.
Summary of Steps
The next section describes each step in detail.
Step #1 – Configure your Outlook 2007 to consume patterns & practices Guidance Explorer. The patterns & practices team has recently released a version of their Guidance Explorer that exposes its online store via RSS. Guidance Explorer consolidates all the guidance patterns & practices has ever released, covering the Security, Performance, and Visual Studio areas. That means you can consume something like 4000 items using the RSS reader of your choice. My choice is Outlook 2007. Follow the instructions in Consume patterns&practices Guidance Explorer Via RSS Using Outlook 2007 to download all 4000 items for offline use inside Outlook 2007.
Step #2 – Customize Outlook 2007 for easier search. Once the Guidance Explorer items are downloaded you can start consuming them directly from Outlook 2007. To make them more usable I recommend creating predefined search folders focusing on different disciplines, for example Security, Performance, and Visual Studio. Follow the instructions in Customize Guidance Explorer Inside Outlook 2007 – Find Tech Gold Nuggets Instantly to make relevant information easy to access.
Step #3 – Identify Security Code Review items among 4000 others. Now that we are all set, let’s build a list of security code inspection items. It is pretty easy with Outlook 2007's built-in instant search capability. Paste “Type: Inspection Question” into the search box, including the quotes; you should see something similar to this:
Highlight the desired items and copy them to the clipboard by pressing Ctrl + C. Create a new folder in Outlook 2007 and paste the items using Ctrl + V. You’ve just created a working checklist ready to be used with the code you want to review. If you have your own insights and want to add them to the checklist, it is easy: just follow the instructions in Create Your Own Guidance Explorer Items Inside Outlook 2007.
Step #4 – Generate Security Code Review Checklist Document. Once you are happy with the checklist items you are ready to generate the document. Outlook 2007 does not have such a built-in capability, so I developed it myself. It is really easy with Visual Studio 2005 and Visual Studio Tools For Office [VSTO] or just with Visual Studio 2008. For more information check my post Generate Documents Out Of Mail Items Directly From Outlook 2007. I’ve uploaded a sample checklist document, in Word 2003 format, with a few items in it. The document was generated purely using the described approach.
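Steps #3 and #4 can also be sketched outside Outlook. The following is an added example, not code from this post or from Guidance Explorer: it filters RSS items on the same “Type: Inspection Question” marker and renders a plain-text checklist. The feed layout, the category element and the item text are constructed assumptions, not the real feed.

```python
import xml.etree.ElementTree as ET

# Constructed sample feed; element layout and item text are assumptions.
# A feed fetched from the network is untrusted input: parse it with a
# hardened XML parser before reusing this on real data.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Guidance items (constructed)</title>
<item><title>Is input validated for type, length, format and range?</title>
<category>Security</category>
<description>Type: Inspection Question. Look at every entry point.</description></item>
<item><title>Use paging for large result sets</title>
<category>Performance</category>
<description>Type: Guideline. Return only the rows that are displayed.</description></item>
<item><title>Are SQL statements built with parameters?</title>
<category>Security</category>
<description>Type: Inspection Question. Search for string concatenation.</description></item>
<item><title>Is caching used appropriately?</title>
<category>Performance</category>
<description>type: inspection question. Check what is cached.</description></item>
</channel></rss>"""

MARKER = "type: inspection question"  # the search phrase from Step #3


def select_items(feed_xml, category="Security"):
    """Return (title, notes) for inspection questions in one category."""
    selected = []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = (item.findtext("title") or "").strip()
        desc = (item.findtext("description") or "").strip()
        cats = {(c.text or "").strip().lower() for c in item.findall("category")}
        if MARKER in desc.lower() and category.lower() in cats:
            # Drop a leading marker so only the reviewer notes remain.
            if desc.lower().startswith(MARKER):
                desc = desc[len(MARKER):].lstrip(". ")
            selected.append((title, desc))
    return selected


def render_checklist(items, heading="Security Code Review Checklist"):
    """Render the selected items as a plain-text checklist document."""
    lines = [heading, "=" * len(heading), ""]
    for number, (title, notes) in enumerate(items, 1):
        lines.append(f"[ ] {number}. {title}")
        if notes:
            lines.append(f"      Notes: {notes}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_checklist(select_items(SAMPLE_FEED)))
```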
Guidance Explorer comes with an offline client that can do everything I’ve described above including document generation. To learn more about Guidance Explorer watch these cool videos below:
Have fun, Alik Levin
It's great to see the rubber meeting the road. I know you do a ton of security code reviews so it's great to see you leveraging Guidance Explorer in action.