Here are some of my favourite resources regarding code reviews:
From Karl Wiegers’ book on the subject:
http://www.processimpact.com/reviews_book/chapter_2.pdf
http://www.processimpact.com/reviews_book/chapter_6.pdf
And a .NET specific list of security related things to look for in a review:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/thcmch21.asp
Proponents of code reviews say that, when they are conducted properly, they are one of the most cost-effective ways of finding defects. Does anyone else out there in .NET blog land have any experiences (positive or negative)? The couple of times I’ve tried to get code reviews off the ground I’ve been told they are either too expensive, or I’ve got back fairly superficial and non-specific feedback.
Update: Chris Anderson with some brief info on the Avalon team’s code review process http://www.simplegeek.com/commentview.aspx/cf176ca9-1aec-4cb1-9d0f-796fce45d63a
Comments
Maybe in the latter case, it’s better for the two programmers to have a discussion in private where suggestions can be made - maybe an informal feedback session, but one that is required so it doesn’t look like someone did a bad job.
I do think that code reviews are useful; it’s just that they have to be taken seriously enough to spend enough time to do it right. It’s especially useful with new programmers, to make sure they are on track and up to company standards.
Well, enough rambling.
1) Many developers don’t want to take the time to prepare their code for inspection.
2) Follow-up. Many times changes are recommended, but are not made.
3) Some developers are not interested in or able to change bad habits.
Important, but sometimes frustrating.