May 2007 - Posts - Paul Sheriff's Blog for the Real World

Paul Sheriff's Blog for the Real World

This blog is to share my tips and tricks garnered over 25+ years in the IT industry



Code Audits: Not just for beginners!

When is the last time you had one of your peers or an external consultant evaluate your coding? If you have not done this in a while, you should seriously consider it. While I am sure you are a great programmer, other people will have different ideas. In the IT business, it is all about learning. If you are not sharing ideas, or talking with others about your coding, then you are probably not learning as much as you could.

Now, I know reading articles and googling for code is a great way to learn as well, but anyone can bring fresh ideas to you. Never pass up a chance to "put yourself out there" and ask for some help.

At my company, PDSA, Inc. (www.pdsa.com) we actively encourage (actually, we enforce) code reviews on everyone. In fact, we have developed a set of checklists that we use to do a code review. For our security review, for example, we have over 144 points that we go over. This checklist not only covers code, but also security from an organizational standpoint. Our Application Design review covers about another 100 points and our SQL Server review also covers about 100 items.

I would encourage you to come up with your own checklist that you can use for doing reviews of code, organizational structure, databases and security. If you do not know where to start, you could join my Paul Sheriff's Inner Circle (www.PaulSheriffInnerCircle.com). IT Professional members on my Inner Circle have access to all of my checklists.

Just recently, I performed code and security audits at two separate companies. These were companies that thought they had developed secure, well-written and performant applications. However, they had never had anyone audit their code before. As a result, I wrote a 16-page report for one company and a 20-page report for the other, listing improvements that could be made in their applications. This is just one example of what can be learned by having someone else look at your code. The next step for these companies will be a training session to talk through the findings in these reports.

I hope this inspires you to come up with your own code review process at your company.

Paul
