A Multiple-Pass Approach

An approach that one of the best code reviewers at Microsoft advocates is to take several passes through the code. Start with a high-level review: understand the environment, and examine the data structures and how they are initialized. Begin building a model of the code, and understand the linkages between functions. Flag any code that appears overly complex for extra attention. Finally, establish your starting points for tracing the code. A starting point is a specific question to examine, such as "Can this password string ever overrun a buffer?" It lets you focus the review on one problem at a time.

IMPORTANT
The set of slides on which I'm basing this section has two quotes that I think are words to live by: "Any code that looks overly complicated likely has bugs" and "Even if you correct complicated code, bugs will be introduced by subsequent changes."

Once you've completed the preliminary groundwork, begin the investigation by checking all your starting points, and iterate through them until you're done. If one starting point branches off too far, create a new starting point to follow later; don't lose focus on where you started. Now you're ready to examine the code function by function. There are certain mistakes that most programmers make, and you might also find patterns of mistakes by an individual programmer. Check unusual code paths most carefully: they are almost always less well tested, and you're more likely to find security bugs in obscure corners.
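The following is an added example of what tracing one starting point turns up; it is not code from the book. It assumes a fixed-size credential buffer (PW_MAX), a struct holding it, and a hypothetical downstream format that wants backslashes doubled. The question being traced is the one above, "Can this password string ever overrun a buffer?", and the answer is yes, but only on the unusual, escaping path, which is exactly the kind of obscure corner the text says to check most carefully.

```c
#include <stdio.h>
#include <string.h>

/* Added example for the review procedure described above; not the book's
 * code. PW_MAX, struct cred and the backslash-doubling rule are assumptions
 * made so the starting point "Can this password string ever overrun a
 * buffer?" has something concrete to trace. */

#define PW_MAX 16                 /* assumed fixed-size credential buffer */

struct cred {
    char pw[PW_MAX];
};

/* BEFORE, as the trace finds it. The common path is bounds-checked and
 * well exercised. The unusual path (a password containing a backslash,
 * which the assumed downstream format wants doubled) reuses the same
 * length check but writes up to twice as many bytes, so a 15-byte input
 * with one backslash writes 17 bytes into a 16-byte buffer. */
int store_password_unsafe(struct cred *c, const char *src)
{
    size_t n = strlen(src);
    if (n >= PW_MAX)                         /* only right for the common path */
        return -1;
    if (strchr(src, '\\') == NULL) {         /* common path */
        memcpy(c->pw, src, n + 1);
        return 0;
    }
    size_t j = 0;                            /* unusual path: unbounded expansion */
    for (size_t i = 0; i < n; i++) {
        if (src[i] == '\\')
            c->pw[j++] = '\\';
        c->pw[j++] = src[i];
    }
    c->pw[j] = '\0';
    return 0;
}

/* AFTER: compute the expanded length first so a single check covers
 * every path, then copy with the same loop for both cases. */
int store_password_safe(struct cred *c, const char *src)
{
    size_t need = 0;
    for (const char *p = src; *p; p++)
        need += (*p == '\\') ? 2 : 1;
    if (need >= PW_MAX)                      /* leaves room for the NUL */
        return -1;
    size_t j = 0;
    for (const char *p = src; *p; p++) {
        if (*p == '\\')
            c->pw[j++] = '\\';
        c->pw[j++] = *p;
    }
    c->pw[j] = '\0';
    return 0;
}

/* Reviewer's check for the starting point: answers "would this input
 * overrun pw in store_password_unsafe?" by arithmetic, without running
 * the overflow. Returns 1 if it would, 0 otherwise. */
int unsafe_would_overrun(const char *src)
{
    size_t n = strlen(src);
    if (n >= PW_MAX)                         /* rejected before any copy */
        return 0;
    size_t need = n + 1;                     /* bytes written incl. NUL */
    for (const char *p = src; *p; p++)
        if (*p == '\\')
            need++;
    return need > PW_MAX;
}

/* Store through the hardened function and hand back the stored text,
 * or NULL if the input was rejected. */
const char *stored_safe(const char *src)
{
    static struct cred c;
    return store_password_safe(&c, src) == 0 ? c.pw : NULL;
}

int main(void)
{
    /* Constructed inputs: ordinary, escaped, and two boundary cases. */
    const char *inputs[] = { "hunter2", "a\\b", "aaaaaaa\\aaaaaaa", "aaaaaaaaaaaaaaaa" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        const char *r = stored_safe(inputs[i]);
        printf("%-18s unsafe overruns: %d  hardened: %s\n",
               inputs[i], unsafe_would_overrun(inputs[i]), r ? r : "rejected");
    }
    return 0;
}
```

The fix is not a bigger buffer but one length computation that every path shares; once the two copy loops are the same loop, a later change to the escaping rule cannot reopen the gap on just one branch, which is the point of the second quote above.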



Writing Secure Code, Second Edition
ISBN: 0735617228
Year: 2001
Pages: 286
