The review's goal-both this specific review and the process in general-is informed by the business' needs, its institutional bias, the state of the team members and the role of the participants. For example, Jack Danahy, founder and CTO of Ounce Labs, says, "When you're in a bank, you're used to a vault mentality. Within financial services, there are two big concerns: privacy and integrity of data, and the non-reputability of that data." When financial services organizations conduct a code review, they're looking for a specific set of things, he says, such as making sure that interaction and are clean. Danahy adds, "In the public sector, the purpose is much more around making sure the application worked the way they expected. There's not as much of a detailed focus but rather looking at the general characteristic, 'Does it work?'" Typical code reviews are about generic policy, such as making sure inputs are validated, as opposed to a more granular policy in which developers have to , he says.
It's important to keep the team's attention on the goal of this code review, and to avoid distraction with other issues. An extremely common mistake, says SOA specialist , is for reviewers to challenge the design. "The design should have been ironed out in the and should not be part of the discussion in the code review," he says. "This is why it is critical that design reviews take place; otherwise the code review process can send the developer back to the drawing board."
Individuals' backgrounds also color the review, points out J. Schwan, managing partner of Solstice Consulting, a Chicago-based technology management consulting firm, depending on whether the developer is junior or senior. For example, Schwan says, in a code review for junior developers, goals should include adherence to the design or architecture defined during the design phase; ensuring that the code is written to perform as efficiently as possible; and use of common code modules. "For senior developers, a peer code review is often more effective," Schwan says. "The goal can then be more focused on ensuring utilization of common code modules and identifying other common code modules that can be reused by other parts of the system."
Next: What's the right time?
When to Schedule That Code Review