I have been hired to evaluate a 20 KLOC application in a non-life critical healthcare device. The evaluation is to determine the code quality. This is not a testing effort as other organizations have been hired to do that. I am being retained to view the actual code and determine the quality.
The code is developed offshore from the US and I have no access to the developers and the actual build environment. There is no code documentation or any up development stream documentation, except for a end user user manual. The comments in the code is extremely limited and in another language that is translatable by Google Translate. I also have no access to the development process used to develop the application.
I have attempted to use various static analysis tools that will run a lint type of check on the code.
Besides for the static analysis does anybody have any additional paths I can take to evaluate the code.