Software Code Review
Lists requirements for software code reviews.
Someone other than the programmer of the code must review the code.
The reviewer should review for one specific class of flaws (a single perspective, such as memory use or thread control) at a time.
Code should be checked for buffer overflows, poor structure, inadequate or inaccurate comments, and other security flaws. Comments must be logged.
After changes are made, the reviewer will review the changes.
Code must compile, pass its unit tests, and pass most system tests before it is reviewed for flaws.
Set dates for code review completion but do not require formal meetings. A code review may be done by two or three people when they are available. Use no more than two reviewers for each perspective.
Code reviewers should be trained in spotting flaws.
Management should not be involved in the review process other than to be sure it is done.
Code shall not be redesigned in the review but review comments must be logged.
Coding standard violations shall be noted for fixing but not dwelt upon, and no blame shall be assigned.
After the initial code review, only review changed code or potentially affected code when changes are made.
Every issue from the review must be fixed or agreed by the team that it is not an issue.
When bugs are discovered that were not found during a code review, assess the review process to find a way to modify it so that it catches those types of bugs.