Benefits of Code Reviews
- May 5, 2016
Writing has been a part of human history, and since 'to err is human' it is natural that written work is not perfect either. It is common knowledge that you cannot proofread your own work, so authors rely on editors to point out the mistakes in it. The same is true of code: programmers also need assistance in finding flaws in their code and removing errors from it. Code editing is a very important and continuous part of the development process. When a programmer writes a piece of code, they are contributing to a bigger canvas where other people are contributing their own parts of the work. A flaw in a small piece of code can end up creating big problems in the overall application. Before going further into the details of writing a code review, we first need to understand what code review actually is.
What is Code Review?
Code writing is usually collaborative work. A programmer works in a team where some members work across the user interface, server and database, while others work on different features of the application. Code review gives the team an opportunity to start conversations and share knowledge. It helps the team understand best practices and standards and apply them consistently. So when a developer finishes working on a piece of code, the code reviewer looks it over for flaws and bugs.
Purpose of Code Review
The scope of code review is different in every scenario. The following are some of the key flaws that the code review process points out:
- Bugs in the code
- Security misconfigurations in the code
- Code vulnerabilities
- Best practices
- Components with known vulnerabilities
In short, the purpose of code review is to find and fix the shortcomings of a piece of code. While these shortcomings can relate to code structure, data leaks, standards and so on, the ultimate goal is to make the code secure and to ensure it follows the standards and guidelines properly.
Role of New Team Members in Code Reviews
Whenever a new team member joins a team, it is very important to make them productive as quickly as possible, and to do that they need help in every possible way. Code reviews start conversations about code structure, architecture and style as a normal part of the work day. Secondly, teams that have worked together over a long period of time accumulate flaws that are ignored as routine practice. Code review gives new joiners an opportunity to offer a fresh view of the existing techniques and procedures and to point out those flaws, improving the whole process.
Cost of Code Review
It is an established fact that the sooner a bug is found, the less it costs to fix. Fixing a bug in QA can be twice as costly as fixing it in the development phase. Just as we are unable to see obvious mistakes in our own writing, developers make common mistakes that an external reviewer identifies easily and quickly. A code reviewer's task is to find these common bugs, especially those that are notoriously difficult to find at a later stage: incorrect handling of error conditions, information leakage, and security issues.
Code Review and Agile Team
Code review can greatly help any development team using any methodology. It is especially helpful for agile teams, as they are decentralized in nature and work is distributed among the team members. No one has complete knowledge of everything, so code reviews help facilitate knowledge sharing across the code base and across the team.
Review Before Integration
The code a developer writes usually forms a small part of a bigger application. Typically a developer writes a piece of code which is then merged into the application. There are various scenarios here: the code may be integrated into an application or website that is still under development and not yet live, or the application may be live and in use by a number of users. Merging code into a live application without code review can be a fatal mistake. If the code has flaws, they can affect the whole application. Imagine adding a flawed piece of code to a live application or website: the whole application can become dysfunctional and cause serious loss, both in terms of business and productivity.
Relative Cost to Repair (Source: StackExchange)
Code Review Saves Time and Cost
At first, code review seems to be an overhead in terms of both time and cost. The question is why any organization would spend time and money on code review when it already has an experienced development team.
In reality, code review saves both time and cost for any organization. The sooner a bug is caught, the less it costs to fix. If a flaw in the code goes undetected in the initial phase of the development cycle, it can become extremely difficult to isolate and detect at a later stage. Imagine that the developer who wrote it has since left the team: it will be almost impossible for a new joiner to trace and rectify the problem. This can take a lot of time, increasing the development cost.