Code review is peer review of computer source code intended to find and fix mistakes overlooked in the initial development phase , improving overall code quality. Code reviews can often find and remove common security vulnerabilities such as format string attacks, race conditions, and buffer overflows, thereby improving software security. Online software repositories, like anonymous CVS, allow groups of individuals to collaboratively review code to improve software quality and security.

Code review is a valuable part of the software development process often called testing. Some argue that code review is less important when certain rules or secure coding methodologies are followed from the software's inception.

The Extreme Programming (XP) approach includes the practice of pair programming, which can be argued to be code review during development. XP proponents argue that other XP practices, such as refactoring and creating tests before even writing the code, produces code that doesn't need to be reviewed or rewritten as often and thus speeds software development.

There are many examples of how code review improved a project. They include

• Blender3d - A 3D graphics design package greatly improved by an open source development community .
• The Linux Kernel - Once a hobby written by a Finnish programmer, but is now reviewed by hundreds of programmers worldwide.

Automated code reviewing software lessens the task of reviewing large chunks of code on the developer by systematically checking source code for vulnerabilities such as:

• race conditions
• format string exploits
• buffer overflows
• memory leak

Flawfinder and Rough Auditing Tool for Security (RATS) are two well-known examples of code reviewing software.

See also

• Introspection
• Memory debugger
• Profiler
• Software inspection
• Static code analysis
• Test coverage

External links

• Code Review Checklist
• Code Review Software
• Flawfinder
• R.A.T.S
• Security Code Review Guidelines