Code Reviews
Overview
Code reviews involve examining the source code to identify and address security vulnerabilities and coding errors.
- Ensures that code adheres to security best practices and standards.
- Detects potential vulnerabilities before the code is deployed.
- Improves code quality and reduces the risk of security flaws.
Mature organizations integrate peer-based code reviews into their software promotion and release processes. They also use design reviews to vet development plans prior to creating code.
Fagan Inspections
Fagan Inspections are a formal code review used to find defects early in software development. A team examines items like requirements, designs, and code to ensure they are correct and high quality. This helps catch issues early, reduce costs, and improves the final product.
- Specific review technique, not a full development process
- Focuses on formal, step-by-step code/document reviews
- Uses defined roles (moderator, reviewer, author)
- Happens at specific points in development
While SDLC and Agile frameworks guide the overall development process, Fagan inspections are focused on code reviews to detect defects early in work products.
Fagan Inspections follow a structured six-step process:
-
Planning
- Set goals and define the inspection scope
- Assemble a team with relevant expertise
- Schedule meetings and allocate resources
- Prepare and distribute review materials
-
Overview
- Present work products and inspection objectives
- Explain goals and focus areas
-
Preparation
- Review materials individually
- Identify defects and improvement areas
-
Meeting
- Discuss findings and document defects
- Assign tasks for fixing issues
-
Rework
- Author revises based on feedback
- Correct defects and make improvements
-
Follow-Up
- Verify that defects are fixed
- Document inspection results and lessons learned