What is code review and how is it important for software security?
Code review is the process of examining software source code to identify and remediate flaws and defects before the software is deployed to a production environment. The review may be conducted by a third party or by a peer programmer.
The purpose of code review is to have impartial reviewers, other than the developers who wrote the code, investigate it to uncover defects. The code review process is also a security control in its own right: unidentified bugs and vulnerabilities may expose the software to attacks that compromise its security objectives. Reviewing code critically at an early stage of development therefore helps avoid security problems in the software product and in the data it stores and processes.
The code review procedure differs from organization to organization. The most common formal code review process is known as Fagan inspection. It consists of the following phases:
Planning -> Overview -> Preparation -> Inspection -> Rework -> Follow-up