Security Code Review in the SDLC
From OWASP
Preface
Code reviews vary widely in their level of formality. Reviews can be as informal as inviting a friend to help look for a hard-to-find bug, and they can be as formal as a software inspection process with trained teams, assigned roles and responsibilities, and a formal metric and quality tracking program.
In Peer Reviews in Software, Karl Wiegers lists seven review processes from least to most formal:
- Ad hoc review
- Passaround
- Pair programming
- Walkthrough
- Team review
- Inspection