Ask HN: 3rd party code review recommendations?
Hi
We're a UK based startup, with several corporate clients.
We just launched our product on one of these clients' sites, and in our contract is the requirement for us to have a 3rd party carry out a review of our code.
The reasoning is that a portion of our code is embedded in a number of pages in their site and they do not have visibility of its functionality.
We haven't come across this issue with any other clients yet, and searching for 3rd party code reviewing services hasn't turned up anything suitable for this purpose - the focus seems to be on clean code/standards compliance as opposed to security.
Does anyone have any advice, experience or recommendations of services that carry out this function?

Have you looked at CodeCollaborator? If both organizations used it, each team could review the other's code. And you can restrict access so that if either organization used the tool more thoroughly, the other team sees only what they have access to. It's worked great for our team. It's fairly expensive, but it's worth it...

Thanks, I haven't used CodeCollaborator before. Unfortunately the client doesn't have a team that is relevant for sharing the code with (in terms of interpreting it); really what they are looking for from us is a 3rd party 'assurance' that the code is safe. So more of a security issue. It doesn't seem that there is a service for submitting code and having it reviewed impartially with respect to security and then giving it some sort of accepted rating.

Type in details about your stack and the service suggests different priced experts who can review your code by the hour through remote screen share.