

Ask HN: 3rd party code review recommendations? - petemcc

Hi

We're a UK-based startup, with several corporate clients.

We just launched our product on one of these clients' sites, and in our contract is the requirement for us to have a 3rd party carry out a review of our code.

The reasoning is that a portion of our code is embedded in a number of pages in their site and they do not have visibility of its functionality.

We haven't come across this issue with any other clients yet, and searching for 3rd party code reviewing services hasn't turned up anything suitable for this purpose - the focus seems to be on clean code/standards compliance as opposed to security.

Does anyone have any advice, experience or recommendations of services that carry out this function?
======
ottomark
Have you looked at CodeCollaborator? If both organizations used it, each team
could review the other's code. And you can restrict access so that if either
organization used the tool more thoroughly, the other team sees only what they
have access to. It's worked great for our team. It's fairly expensive, but
it's worth it...

~~~
petemcc
Thanks, I haven't used CodeCollaborator before.

Unfortunately the client doesn't have a team that is relevant for sharing the
code with (in terms of interpreting it); really what they are looking for from
us is a 3rd party 'assurance' that the code is safe. So more of a security
issue.

It doesn't seem that there is a service for submitting code and having it
reviewed impartially with respect to security and then giving it some sort of
accepted rating.

------
jkresner
<http://codereview.airpair.co/>

Type in details about your stack and the service suggests different priced
experts who can review your code by the hour through remote screen share.

