After the latest critical and prominent software bugs [1, 2] that could have been avoided by code review, I will name some of them and write one or two sentences about each.
In my current development work I had to check commits and packages/modules. This leads to the distinction between commit reviews and technical reviews. We used commit reviews to find any sort of bug, but it is hard to find design problems by inspecting only a commit without knowing the rest of the code, so we introduced technical reviews that look at whole classes and packages. We do commit reviews daily, and technical reviews after introducing a feature and on request. The following tools help us with these types of review.
SonarQube is a full-featured code analysis tool, and one part of it lets you comment on your code. With this feature you can do technical reviews.
Barkeep is a review tool specialized in commit reviews. It does this and does it very well.
Pair programming is not a tool; it is a rule of extreme programming, but I find it very helpful for avoiding bugs before you commit your code.
What I have missed so far is a tool that integrates both review types well. So a group of developers (I am part of it) started a tool named gh-review that tries to combine both.
Strict code formatting rules and constant code reviewing can lower the chance of such errors.
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
via "goto fail;" considered harmful [LWN.net].
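An added example, not from the original post or from any of the tools named above: a small commit-review check that flags a statement indented like the body of an unbraced `if` but not governed by it, which is the kind of formatting rule that makes a duplicated `goto fail;` stand out. The sample snippets are constructed around the line quoted above, and `final_check` is a hypothetical name.

```python
import re

# `if (...)` or `else if (...)` whose body is not opened with `{` on the same line.
UNBRACED_IF = re.compile(r"^\s*(?:else\s+)?if\s*\(.*\)\s*$")


def indent_of(line):
    """Indentation width of a line, with tabs expanded to 4 columns."""
    expanded = line.expandtabs(4)
    return len(expanded) - len(expanded.lstrip())


def find_misleading_statements(source):
    """Return (line_number, text) for each statement that is indented like
    the body of an unbraced `if` but is not governed by it."""
    code = [(n, l) for n, l in enumerate(source.splitlines(), 1) if l.strip()]
    findings = []
    for idx in range(len(code) - 2):
        (_, head), (_, body), (n_after, after) = code[idx:idx + 3]
        if not UNBRACED_IF.match(head) or not body.strip().endswith(";"):
            continue  # braced `if`, or the body is not a single statement
        # Only `body` belongs to the `if`; anything deeper than the `if`
        # itself on the following line merely looks conditional.
        if indent_of(after) > indent_of(head):
            findings.append((n_after, after.strip()))
    return findings


# Constructed sample: the quoted line followed by a duplicated jump.
FLAWED = """\
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;
    err = final_check();  /* hypothetical later check, never reached */
fail:
    return err;
"""

# Constructed sample: the same check written with mandatory braces.
BRACED = """\
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) {
        goto fail;
    }
    err = final_check();
"""

if __name__ == "__main__":
    for number, text in find_misleading_statements(FLAWED):
        print(f"line {number}: '{text}' is not governed by the preceding if")
```

The check only handles single-line conditions and single-statement bodies; a compiler warning such as GCC's `-Wmisleading-indentation` covers more cases.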
Linux-Magazin Online Conference Streaming: live stream of FOSDEM ’08 on February 23-24.
On its website, the BND explains terms that clearly come from the computer field, e.g. OSINT or SIGINT. So be careful the next time you terminate a program with SIGINT. You might get more than you want. Is the intelligence service just a cover for software development?