What is a Code Review?
A code review is just that… a review of the code that runs your Web site. Traditionally focused on security best practices, a code review will often refer to an exercise whereby the code is looked through for security vulnerabilities and major errors. When development teams write applications, code reviews are often part of the standard development methodology. However, I’m not really talking about security reviews but more some kind of common-sense review by a third party (though you should do the security thing too). I’m talking about having another developer review a site for blatant stupidity, laziness and maliciousness.
I’m not joking about malice. I once found a comment within the code of the site that read “This will break on January 17th”.
Beyond malice though, I’m talking about having someone review your site to ensure that it was built in a manner that will serve you well and not cause unexpected expense later on. All sites are going to need support, but what inspired this article is that I just worked on a site for a client where, despite the fact it ran on WordPress, an entire section had been hard-coded as static. It was full of errors and was an example of just pure, simple laziness. However, my client isn’t a coder (hence why they hired one to begin with) and had no way of knowing this section was not built right, until I told them.
Why Developers (including me) Will Hate This Idea
- We don’t like to have our work reviewed
- No one likes working in other people’s code
- There are so many ways to accomplish the same task in programming, who is to say which is the ‘right’ way?
- How would this be worked into the agreement?
- So someone who doesn’t work with me rips apart my work… Who is paying for anything they feel I need to ‘fix’?
Obviously the answer to all this is to work with reputable firms, developers, designers and those people you trust to produce a good quality product. However, we all know people don’t always do this, hence why e-lance and other work-for-hire sites even exist. So if you have reason to suspect that you are not getting a quality product, it might be worth asking someone to conduct a code review and at least provide an analysis so as to temper any surprises you might have coming.