Code Review
by Hussain on Jun.07, 2009, under Developers
Code reviews can often find and remove common vulnerabilities such as format string exploits, race conditions, memory leaks and buffer overflows, thereby improving software security. Online software repositories based on Subversion with Trac, Mercurial, Git or others allow groups of individuals to collaboratively review code. Additionally, specific tools for collaborative code review can facilitate the code review process.
Automated code reviewing software lessens the burden on the developer of reviewing large chunks of code by systematically checking source code for known vulnerabilities.
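To make the "systematically checking source code" idea concrete, here is a small automated review check. It is an added example, not code from the original post or from any of the tools it mentions: it scans a constructed C snippet for two of the vulnerability classes named above, unbounded copy functions (a buffer-overflow source) and printf-family calls whose format argument is not a string literal (a format-string bug), and reports each hit with its line number. The rule set and the sample source are hypothetical and deliberately small.

```python
"""Minimal automated code-review check (added example, not from the page).

Scans C source text for a few well-known risky patterns that a human
reviewer would otherwise flag by hand. The rule set is a hypothetical,
deliberately small one; the C snippet at the bottom is constructed.
"""
import re
from dataclasses import dataclass

# Copy functions with no bounds argument: a reviewer asks for the sized variant.
UNBOUNDED_CALLS = {
    "gets": "fgets with an explicit buffer size",
    "strcpy": "strncpy/strlcpy or snprintf",
    "strcat": "strncat/strlcat",
    "sprintf": "snprintf",
}

# printf-family functions and the index of their format argument.
FORMAT_FUNCS = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}

CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    message: str


def split_args(text: str) -> list:
    """Split the argument list that follows a call's '(' by top-level commas.

    Tracks nested parentheses and double-quoted string literals, so a comma
    inside f(b, c) or "x,y" does not split. Returns [] if the closing ')'
    is not found on this text (multi-line calls are out of scope here).
    """
    args, depth, cur, in_str = [], 0, [], False
    i = 0
    while i < len(text):
        ch = text[i]
        if in_str:
            cur.append(ch)
            if ch == "\\" and i + 1 < len(text):  # keep escaped char, e.g. \"
                cur.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            cur.append(ch)
        elif ch == "(":
            depth += 1
            cur.append(ch)
        elif ch == ")":
            if depth == 0:  # end of the argument list
                args.append("".join(cur).strip())
                return args
            depth -= 1
            cur.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    return []


def review_c_source(source: str) -> list:
    """Return a Finding for each risky call in `source`, scanning line by line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # drop trailing line comments (toy: ignores "//" inside strings)
        for m in CALL_RE.finditer(code):
            name = m.group(1)
            if name in UNBOUNDED_CALLS:
                findings.append(Finding(lineno, "unbounded-copy",
                    f"{name}() has no bounds check; prefer {UNBOUNDED_CALLS[name]}"))
            if name in FORMAT_FUNCS:
                args = split_args(code[m.end():])
                idx = FORMAT_FUNCS[name]
                # A format argument that is not a literal lets the data choose the conversions.
                if len(args) > idx and not args[idx].startswith('"'):
                    findings.append(Finding(lineno, "format-string",
                        f"{name}() format argument '{args[idx]}' is not a string literal"))
    return findings


# Constructed sample input: two defects a reviewer should catch, two safe calls.
SAMPLE_C = r"""#include <stdio.h>
#include <string.h>

void log_msg(const char *msg) {
    char buf[64];
    strcpy(buf, msg);      // no length check against buf
    printf(msg);           // caller-supplied data used as the format string
    printf("%s\n", buf);   // fine: literal format
    snprintf(buf, sizeof buf, "%s", msg); // fine: bounded, literal format
}
"""

if __name__ == "__main__":
    for f in review_c_source(SAMPLE_C):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

Run as a script it reports the `strcpy` on line 6 and the `printf(msg)` on line 7 and stays quiet about the two safe calls. Real review tooling goes much further (data-flow, taint tracking, cross-file analysis), but the shape is the same: encode what reviewers know to look for, then apply it to every line rather than to the lines a tired reviewer happens to read.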
There are many examples where adopting code reviews is claimed to have improved a software development project. Capers Jones' ongoing analysis of over 12,000 software development projects showed that the latent defect discovery rate of formal inspection is in the 60-65% range. For informal inspection, the figure is less than 50%. The latent defect discovery rate for most forms of testing is about 30%. Other examples include:
- Blender, a 3D graphics design package greatly improved by the open source development community.
- Linux kernel, once a hobby project of Linus Torvalds, is now reviewed and improved by hundreds of programmers worldwide.
Source: wikipedia.org