Arjan van Leeuwen gives an overview of the advantages and disadvantages of code reviews, how much can be done in a code review, the types of critiques, and how to handle critiques and the conflicts that might arise from them.
Ryan Slobojan discusses how to perform issue tracking, code review, commits and builds in an automated manner by integrating Git, Gerrit, Hudson and Mylyn.
Mike Rozlog discusses the need for software audits, proposing five code reviews that every developer should use: Numerical Literal, String Literal, God Method, Shotgun Surgery and Duplicate Code.
Gerard Holzmann discusses Spin, a design analyzer tool, and Scrub, a code review tool, used by Jet Propulsion Laboratory to analyze and fix the software used for critical solar system exploration missions.
Magnus Robertsson shows how to control the code architecture manually, statically and dynamically in order to avoid architectural drift leading to a big ball of mud. To that end, he recommends ways to enforce the reference architecture through peer review, code analysis, and zero tolerance for warnings and errors.
Developer-driven testing is probably the most influential software development technique of the last 10-15 years. There's no question that it has improved the practice of building software. And in a dynamic language like Ruby, it's hard to get by without it. But is it really the best way to find defects? Or is the emphasis on testing and test coverage barking up the wrong tree?
Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis can uncover the kinds of errors that lead directly to vulnerabilities. In this talk, Brian Chess frames the software security problem and shows how static analysis is part of the solution.