If you are serious about Code Reviews, I recommend the book "Best Kept
Secrets of Peer Code Review". It is a pretty good and quick read.
http://smartbear.com/best-kept-secrets-of-peer-code-review/ It's a free
book, or free pdf, or free kindle.
Smart Bear Software sells a QA and Code Review product, but this free
book of theirs is unbiased.
What I found interesting in the book were actual studies which included
eye-movement studies which found . . .
* code review meetings are not as good as single-person private-time
  readings
* code review meetings where the programmer has to defend his code
  before a group can be counter-productive
* after 60 to 90 minutes, an individual or group just stops finding any
  more defects. So timebox the review process.
* the initial read of a program catches most defects
* having a standard for code style / legibility helps find defects
* and of course, what Agile and XP programming cite, use pair
  programming (two people working on one PC, reviewing code real-time,
  and creating tests as code develops)
  is always best for when a section of code is hard or "just has
  to work" (think NASA).
My own opinion is that a code review is nice, but designing or
retrofitting programs for * testability and * separation of UI from
logic has a better payoff in quality.
But if code reviews push that cultural change, go for it.
But ask yourself, is the main goal of the code reviews to improve
quality, gain system insight, change past practices, or what? If you
had to pick one, which is it?
P.S. For us, our SOX procedure has a one-person QA - Code Review to
review changes prior to promotion into User Acceptance Testing.