How can tools support practices of 'Modern Code Reviews'

Today morning I read work of Bacchelli and Bird from ICSE 2013 (file attached). Please see my main take aways below in the context of our Johnny discussions. Bacchelli, A., & Bird, C. (2013, May). Expectations, outcomes, and challenges of modern code review. In 2013 35th International Conference on Software Engineering (ICSE) (pp. 712-721). IEEE. This study was conducted at Microsoft that aims to explore tool-based code reviews in the context of development teams. While the context is ‘development teams’, it provides good insight on the outcomes of code review activities, motivation behind them and needs to improve them. My interest in this paper is particularly in terms of understanding role and capabilities modern security intervention tool. Tools should aim to address ‘some' of the responsibilities of a ‘reviewer’ for developoers working outside the formal settings by getting to know the developer and her code better through a series of interventions and intervene in a more context-aware manner. 1. The work suggests three types of outcomes from code reviews: defect finding, code improvements and knowledge transfer. Examples of defect finding are comments about logical issues in code, security issues, wrong exception handling.’Code-improvement’ includes comments about removing unnecessary code, better code practices, improving code readability. Example of ‘knowledge transfer’ includes directing authors to external resources for learning how to tackle an issue. In this context, the outcome of 'intervention ‘tool’ should not be only to fix defects in code. Researchers should aim to provide knowledge transfer by adding to developers’ knowledge base and point him to right resource outside IDE. In security domain, code improvement is usuablly looked at from usability persopective but it is not only about usability related issues: it also covers compliance with standards, removing unnecessary code etc. which are often addressed in the context of security too. 2. Their empirical investigation shows that while managers and developers primarily seek ‘defect finding’ from code reviews, actual code reviews predominantly provide ‘code-improvement’ suggestions. The primary reason for this is that ‘defect finding’ requires deeper understanding of the code and its context, hence most of the reviewers provide feedback on code-improvement without highlighting ‘very much present’ "security and data model issues” in code. They also highlighted ‘understanding’ as an important determinant of improving quality of code reviews, i.e. provide feedback on defects in code. In order to improve understanding, reviewers often needed to interact with developers : either by synchronously engaging with them in comments of code review tool or by meeting them in person to understand their code better and provide feedback on defects in code. With that in mind, toola need to ask ‘right’ questions at the ’right’ point in time to know developer’s context better. Program comprehension practices is one of the area that can be looked at on how to improve this further. Hint: That being said, one of the way forward is to look at ‘diffs’ . Version controls provide diffs of two changed files (like many other code review tools provide). As researchers, we need to brainstorm what questions we seek to get answer for from these ‘diffs' to leverage the information in them?

Good Communicator = Good Listener

How to becoome an effective communicator? Remember.. the number one technique is to be a good listener. Do not listen to argue, to questions or to show that you knowo more. Just listen with the intention that you want to connect and you are interested in the topic. This would also trigger a chain of questions within your mind that can engage you with the audience or to the host of the talk in a meaningful manner. You need effectivre communication in all aspects of life and to deliver all kinds of emotions, news, persuations and information. Bringing in neuroscience knowlede - critical thinking happens at prefrontal cortex. Principally,everthing has a center in our body, e.g., center of vision is occipital lobe. However, there is only one thing that has two centers: speech. One center is situated in limbic system that is assoociated wih emotions and the other center is situated in prefrontal cortex that is associated with logic. When you are angry or emotional, your center in prefontal cortex gets covered by a 'foggy' wall - hypothetically. If you let that person speak for 15 to 20 mins, eventually his continous speaking would trigger neurons in pre-frontal cortex tilting him on the side of logic. That is why often when people talk a lot in anger get a remorse afterwards when then think logically of what they did and said. It is important for a leader to have good listening skills in order to communicate effectively with the team and understand peopl around her/him.

Image taken from: https://www.basicknowledge101.com/subjects/brain.html