10 Resources for Code Review and Other Peer-based Software Quality Assurance Techniques

Code reviews and software inspections have existed for a long time in the software engineering world. However, they have been adopted by only a minority of software development projects. Programmers have always been reluctant to submit their code to the criticism of their peers. The pair programming technique promoted by the Agile approaches has faced the same obstacles and is regularly ranked at the bottom of the agile practices adoption surveys.

The situation has evolved somewhat with the development of tools for static code analysis. The automation of the practice, often included in a continuous integration process, seems to have helped developers accept that code should respect some standards and code conventions… as long as software, and not a human being, does the check. You will find below 10 articles that should help you understand the approaches to code reviews and associated practices… and maybe lead you to reconsider your position on these techniques.

* Design and Code Inspections to Reduce Errors in Program Development by Peter Fagan
This is the seminal paper introducing the code inspection. Peter Fagan explains that improvements are made possible by a systematic and efficient design and code verification process, with well-defined roles for inspection participants.

* Improving Quality Through Software Inspections by Karl E. Wiegers
This article explains that software inspections and their cousins, reviews and walkthroughs, are proven techniques for reducing the number of defects in a program before it goes out the door. If you are in an organization of two or more people, some kind of inspection activity should be a part of your standard software development process.

* Software Inspections by Ron Radice
This article discusses some evolutions in software inspections, such as 1:1 Inspections and Solo:Inspections. It also explains how inspections can reduce the cost of quality.

* Find and Fix Vulnerabilities Before Your Application Ships by Michal Chmielewski, Neill Clift, Sergiusz Fonrobert and Tomasz Ostwald
This article discusses the code review process, prioritizing your code for review, types of security vulnerabilities, and using the review findings.

* Not Doing Code Reviews? What’s Your Excuse? by Jim Bird
This article explains that recent research into code review practices and advances in tools make reviews more effective and less expensive. This can change the way that we think of code reviews and the way that we do them.

* Best Practices: Code Reviews by Josh Poley
The aim of this document is to help increase productivity during code reviews (of test code and product code), as well as to highlight some common mistakes that should be watched for.

* Pair Programming vs. Code Reviews by Jeff Atwood
Jeff Atwood believes in the value of code reviews without reservation. He asked himself if pair programming is nothing more than code review on steroids.

Saros: An Eclipse Plug-in for Distributed Party Programming. The Saros tool for distributed collaborative programming (source: http://www.methodsandtools.com/tools/tools.php?saros)

* Secure Code Review
A secure code review is a specialized task involving manual and/or automated review of an application’s source code in an attempt to identify security-related weaknesses (flaws) in the code.

* Adventures in Code Review and Pair Programming by Atul Varma
This article discusses code review and pair programming and asks if simply turning the standard asynchronous code review process into a synchronous one looks a lot like pair programming.

* Four ways to a Practical Code Review by Jason Cohen
This article discusses code reviews and presents some lightweight approaches to code review (Over-the-shoulder, Email pass-around, Pair Programming, Tool-assisted) so that software developers can get the benefits of code review without the heavyweight process of a formal inspection.

Additional resources

* NASA-STD 2202-93 Software Formal Inspections Standard
* Code analysis tools directory