Security Code Review in the SDLC
Code reviews vary widely in their level of formality. Reviews can be as informal as inviting a friend to help look for a hard to find bug, and they can be as formal as a software inspection process with trained teams, assigned roles and responsibilities, and a formal metric and quality tracking program.
In Peer Reviews in Software, Karl Wiegers lists seven review processes from least to most formal:
- Ad hoc review
- Pair programming
- Team review