dhh1128 / intent

the intent formal language
https://intentlang.org

build code reviews into coding process #85

Open dhh1128 opened 9 years ago

dhh1128 commented 9 years ago

In some lecture material from the Software Security class at the U of Maryland (https://class.coursera.org/softwaresec-001/lecture/view?lecture_id=91), the professor mentions the benefits of doing human code reviews. But he points out that such reviews are expensive, time-consuming, and sometimes difficult to arrange because programmers don't want to spend their time that way.

What if one programmer could leave breadcrumbs or assertions in the code (using marks), requiring that another programmer vet his/her logic? These breadcrumbs would not be active for the programmer that inserted them, but the first colleague who comes along (or the first one who matches a designation provided by the inserter) would see warnings that he/she would have to work through to vet the code. This would make code review an indivisible part of coding; any time you touch a module, you might be forced to vet logic from someone else. Code could then be scanned to see what stuff is still "pending review", and coverage of code reviews would then become explicit.