I have been asked to do a code review of about 50 applications over a period of 6 weeks. (Management has changed and the new CTO asked for a full internal software audit.)
I am wondering, what are the key areas to evaluate software on?
(The focus should purely be on the quality of the codebase and not e.g. how it was deployed)
Please note: This is not the same question as “What are the 9 or 10 qualities of software?”.
The first few things that came to my mind are:
- Code readability (descriptive variable/method/class names, comments etc)
- Layering (data/business/UI)
- Configuration (no hardcoding)
- Sufficient level of abstraction (to remain flexible)
- Organisation of the code
- Use of 3rd party libraries (approved or not etc)
- Separation of concerns
- Test coverage (if applicable)
- Modularity of code
- Penalties for breaking principles such as “DRY”
- …
I would appreciate your answers to help me identify an extensive list of what you think are the key areas for software evaluation.
50 applications in 6 weeks sounds enormously ambitious. You need to tell your new CTO that this is only a lightweight review; there’s no way you’re going to detect bugs or security flaws in this time.
I’m mostly familiar with code review for security, and the rule of thumb I use is 10 KLOC per day – and even that is ambitious, and can only be achieved by focusing on the parts of code that really matter for security.
A few suggestions:
- Design a report template at the beginning, and get the CTO to approve this. It should be concise: a few red/amber/green statuses for different areas, maybe a few lists of key people, issues, etc.
- Include documentation in your review. This could include tickets on your issue tracker.
- Speak to key people related to each application. This lets you get to the important issues more quickly.
- Establish what coding standards you have, and whether they are mandatory or advisory.
- Take a risk-based approach, where you spend more time on applications that matter more.
- Try to establish whether you could reasonably make changes to the application. You sound like you’ve got decent coding skills: if you think you’d struggle, this is clearly a concern for future maintenance of the app.
Apart from that, good luck! This is an opportunity to shine, so make the most of it.