I have been talking about my trial software run of SmartBear's CodeReviewer tool. To me, the meat of this software is the ability to view and annotate lines of code. The code viewer is an Internet Explorer window without the normal menus. I found this window missing any text search capabilities. Thus, I had to rely on the default Internet Explorer find function, which is lacking.
It was not difficult to enter a defect during the review. However, I could not rate the severity of the defect. The main problem I encountered was entering multiple defects for a source code file. I would click a line of code and enter a defect. The line number was annotated in the defect. However, subsequent defects seemed to continue referencing the line from the first defect. I emailed SmartBear's customer support for help with this critical issue. Update: SmartBear support helped me through this issue. I was clicking the wrong button to initiate a new defect.
There is a reporting functionality in the software. You can customize the contents of the reports somewhat by choosing different options. However, our CMMi people want code review artifacts in a certain format. I wonder whether I can get the software to produce such artifacts automatically. If so, the cost of the software may be worth its benefit. I hate manually generating those artifacts every time I review something on the project. For now, I am going to continue trying out this software.