Quick Hits

Most Developers Still Review Code In Person, Study Says

While much of development relies on widespread geographies, review process hasn't changed, survey indicates
Software development is generally a far-flung activity. Reviewing code for security and quality issues, however, is something usually is done in person and in one place, according to a study released earlier today.

According to a survey conducted by Forrester Research and sponsored by code review tool vendor Klocwork, most companies still use old-school methods to quality-check their code -- even though their methods of developing code often involve third parties and widespread geographies.

"Seventy percent of respondents sometimes or always work with outsourced vendors for parts of their development work, and only 36 percent of respondents have a centralized team structure with all members working in one location," the study says. Yet 60 percent of organizations reported that their code review team communications are still primarily conducted via in-person meetings, the study says. "Only 16 percent of organizations utilize Web-based tools and technologies to facilitate a majority of their reviews," Forrester says. "Given the significant use of outsourcing and geographically distributed development teams, the use of traditional in-person code reviews suggests code reviews are not keeping pace with modern software development practices."

Forrester and Klocwork conclude that to develop secure code more quickly and effectively, companies should develop more Web-based code review processes.

"To be effective, code review needs to be a collaborative effort that brings the right people with the right skill set to the code being reviewed," says Gwyn Fisher, CTO of Klocwork. "Development teams need to change the culture of reviews, which means making them less top-down and heavyweight by using modern collaborative tools, while adding automated code verification technologies like static analysis into the mix."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Chris Jacob, VP, Threat Intelligence Engineering at ThreatQuotient
Robert Lemos, Contributing Writer, Dark Reading