April 20, 2010 — The practice of code review is a lot like going to the gym: You know it’s good for you, but you don’t always do it.
A study by Forrester Research released at the end of March found that code review processes are often ad hoc in nature and have not kept pace with the increasing complexity of software development. Further, the study found that organizations do not make the time to institute code review as a formal part of the development process.
Gwyn Fisher, CTO at code analysis software company Klocwork, which sponsored the Forrester study, cited a number of factors working against formalized code review. “It’s hard to motivate people to do something that’s not pleasant,” he said. “It’s potentially devastating for the person whose code is being reviewed, and it’s annoying for an architect to get pulled away from his tasks to participate in a review. Even getting people to buy into a process that may or may not find something is hard to do.”
The benefits of code review are well understood; finding bugs earlier in the life cycle was the top reason given by 84% of the 159 IT professionals surveyed who are directly involved in their organizations’ development and code review processes. Other benefits included the sharing of best practices and highlighting new techniques, as well as the encouragement of refactoring and code simplification.