What is a source code audit?
A manual source code audit is a comprehensive way of evaluating the efficiency, quality, security and overall value of a piece of coding. It is done by another qualified developer than the one who originally wrote the code; it is a third party examination of the material, realized in order to receive an unbiased appreciation of the first developer’s work. In a Business-To-Business situation, a manual source code audit has several benefits that cannot all be met through an automated testing process, both for the seller - who produced the code for a client- and for the buyer - who intends to use the digital product to help their business.
To give you an idea of what a flawed code would look like, you can have a look at our infographic on bad code symptoms here: https://www.siclo-mobile.com/how-to-recognize-bad-code-infographic
Benefits for the buyer
As a buyer, you probably don’t have the same programming qualifications than the developer you hired to code an application for you, which means that you are more often than not unable to see any fault in it. Even if they are mistakes lying under the surface, you need someone to be able to look under your hood and see what might be wrong.
There are some telltales signs that your application might not be working as well as it should: crashes and bugs are a red flag and so is latency (on a mobile application, the average user will tolerate an occasional latency of one second at most for his action to be realized). Generally speaking, if your application or your website receive any bad feedback about your technology’s performances, ordering a source code audit would be a fast and sure way to find out if there is indeed something wrong with it. If you have any doubt, a code audit can bring you a lot of information you might miss:
1 - Having a good look at how your product works
Although knowing precisely how the product you are using works is of little concern to you, understanding some of its mechanics will provide you with precious information that you definitely want to know:
A source code audit will tell you if there is any vulnerability in the safety of your code and point out any flaw so you can patch them as soon as possible. The sooner you discover a breach in your defenses, the less time you leave to a malicious hacker to steal important data from you.
A source code audit will verify whether your product was made following code best practices. A properly coded application is easier and cheaper to review, to maintain and to improve; if you are thinking about implementing new features in your technology, a source code audit is the best way to make sure your source code can handle it.
A source code audit will also give you a list of every separate tools and technologies your application is using, if any. This gives you a list of exterior tools that you must keep up to date for the program to work properly.
2 - A third party examination to fix and patch your tech
Whether it is because of negative feedback or because you noticed bugs, crashes and latency by yourself, buying a source code audit when you have any doubt about your app's performances is the guarantee to find a solution to these doubts.
A comprehensive source code audit realized by a qualified auditor will not only offer you clarity and an unbiased appreciation of your app - and therefore tell you if your doubts are reasonable - but will also provide a patching guide, showing you the easiest (and cheapest) way to improve your application so these doubts disappear entirely.
An audit is made to find and patch any bug in your source code before it gets critical and starts costing you money and time; it also gives you an idea on how to react to negative feedback, once you know the state your application is in.
Benefits for the seller
As a developer, having a source code audit made for the product you are selling or about to sell has several benefits ; ordering an audit does not mean you doubt your abilities as a developer or that anyone should, it is simply the unbiased and comprehensive evaluation of an equal on your code.
1 - A proof of your code quality
If a professional code auditor reviews your code and finds no fault or flaw in it, you will have every reason to boast this amazing result. It is a testament of the quality of your code and, therefore, is a strong negotiation tool that you can exploit easily when selling your code to a new client. If another qualified developer cannot find any mistake in your source code, it is certainly something to be proud about, and you would benefit a lot from keeping that audit as a proof that the quality of your product is irreproachable.
2 - The earlier a problem is detected, the cheaper it is to fix it
Although the possibility presented just above seems ideal, it is very rare that a program’s coding is perfect before an audit is performed. That is why a manual, comprehensive source code audit can be so beneficial for your product even before you sell it: by finding and correcting every mistake you may have made before your client starts using the product you designed, you can be sure that they will only use the best version of your project. Brand-wise speaking, this is a method to make you look as conscientious as a developer can be and it increases the value of your product. By selling a product that has already been corrected, you show that you are a reliable company for any project and that your works will always be fully functional - a great reputation to have if you are looking for more clients.
3 - A fresh look at your project
Aside from the small bugs and flaws that you might unwillingly place in your code, an audit can also help you find some bigger mistakes that you might have made: another developer will have an easier time tracking and finding any copyright law infringement, weakness in your security or misused methods than you would, since they are looking at your code unbiased. That is the main advantage of having an outsider looking at your project; you might be too close to the picture to see what you could do better and what you should remove entirely.
The Siclo Method
As a company, Siclo Mobile takes pride in the sheer quality and conscientiousness behind every piece of coding that we deliver. Be it an application or a website, we believe that haste and laziness do not belong in the software development field.
When acting as source code auditors, we apply the same rigor to other people's code. Each time we are asked to audit a code, one of our developers manually reviews it from the first line of code to the last.
In order to make the most out of our review, we have established a comprehensive checklist divided in several categories to rate the source code.
1 - Code quality
In this first part, we evaluate the format of the code we are reviewing. It includes checking that indentation, alignments and white space are properly used for the clarity of the code; but also the naming conventions the developer followed for their classes and how they linked documentation to their code.
This comes first, because the more readable a code is, the faster and easier it will be to review it. That is why it is also important to make sure your code can be read by any developer, not just you.
2 - Software Architecture
We also look at the design patterns used by your source code. There are pre-existing, agreed upon design patterns that should be respected, as they limit the number of missed errors in a source code.
For example, this included the DRY pattern, for “Don’t Repeat Yourself” and the KISS principle for “Keep It Simple, Stupid”.
3 - Coding Best Practices
Coding best practices are called that way because they are the most practical way to write code. Following them will make your software easier to read and to maintain, but not only: it is also a more economical way of writing code (it is meant to optimize the energy used by the software).
If an application fails to follow coding best practices, it will take more time to be reviewed and the source code might need to be reorganized almost entirely.
4 - Non-Functional Requirements
Non-functional requirements include every aspect of your code that, although it doesn’t affect your code’s functionality directly, may handicap you in the near future. Even if they are not respected, your application can still work; but optimizing these aspects will make it work insanely better. This includes mostly:
5 - Object-Oriented Analysis and Design Principles
When talking about Object Oriented programming, the SOLID principle should always be followed, as it is a method that optimizes the code’s maintainability and stability. In addition to that, it makes it easier to improve and add new features to the original application, a possibility that is extremely important nowadays.
Single responsibility principle
A class should only have a single responsibility; it should only be linked to one part of the software’s specification and not the entirety of it.
“Software entities [...] should be open for extension, but closed for modification”; basically you should be able to add new features with very little edits to the original source code.
Liskov substitution principle
“Objects in a program should be replaceable with instances of their subtypes without altering the correctness of the program”
Interface segregation principle
Several specialized interfaces work better that one big polyvalent interface.
Dependency inversion principle
Modules should depend on abstractions and not on each other; details should depend on abstractions.
What do I do if I need an audit?
Now that you know how to know if your code is flawed (the infographic showing telltale signs can be consulted here https://www.siclo-mobile.com/how-to-recognize-bad-code-infographic ) and that you know how valuable a manual source code audit from us can be, what do you do if you need one?
It is very simple: send us an e-mail with a quick summary of your software or project at firstname.lastname@example.org and we will take a look at it!
Jul 22 2019