Wikipedia editor’s personal feelings about a topic. A code review best kept secrets of peer code review pdf a process where two or more developers visually inspect a set of program code, typically, several times. The code can be a method, a class, or an entire program.
A more efficient, less error-prone, or more elegant way to accomplish a given task. Discovering logical or transitional errors. Identifying and averting common vulnerabilities like Cross-Site Scripting , Injection, Buffer Overflow, Excessive Disclosure, etc. This often-overlooked and very special code-review objective looks for segments of code that appear extraneous, questionable, or flat-out weird. The intent is to discover back doors, Trojans, and time bombs. I say often-overlooked because the very idea of malware and malicious intent may ring overly dramatic to some developers. USG agencies and departments like the DoD.
Of the four objectives, malware is the only one that requires human detection. A program containing an obvious back door can be scanned using a tool like Fortify and come out looking as clean as the driven snow. This is not to disparage Fortify and similar scanning tools. They are built to discover and highlight vulnerabilities, and they do that job well. They are not built to discern malicious program code.
Names of those involved in the Review. Date and time the Review was conducted. Best-Practice, Error Detection, Vulnerability Exposure, Malware Discovery or a combination. Office number or other location identifier. Name of the class, method, or program, plus line ranges and other particulars specific to the reviewed code. What was disclosed during the course of the Review.