Today I stumbled upon my TechEd 2007 goodie bag and found a little card I had picked up somewhere at the event. The card advertised a free prize draw (twenty copies of Vista Ultimate). All you had to do was download The Developer Highway Code, whatever that might be.
Of course, being Dutch means I’m always in for a free prize draw, so I immediately visited the URL printed on the card. It turned out The Developer Highway Code is a cool free e-book released by Microsoft (available in PDF and XPS format). It seems to have been around since 2006, but I hadn’t heard of it before. The book was written by Microsoft UK employee Paul Maher and Alex Mackman and was revised in 2007 (probably right before TechEd). Here’s the official description, which you can find on the book’s website:
"To build software that meets your security objectives, you must integrate security activities into your software development lifecycle. This handbook captures and summarises the key security engineering activities that should be an integral part of your software development processes.
These security engineering activities have been developed by Microsoft patterns & practices to build on, refine and extend core lifecycle activities with a set of security-specific activities. These include identifying security objectives, applying design guidelines for security, threat modelling, security architecture and design reviews, security code reviews and security deployment reviews."
Unfortunately, the free prize draw seems to be over, but the e-book is still available. I suggest every Microsoft developer take a look at it, since it’s a very good summary of many things a developer should look at when developing secure applications.