The Psychology of Code Review

Code review is ostensibly a technical practice. We review code to catch bugs, ensure quality, share knowledge. But after years of reviewing (and being reviewed), I’ve come to believe something different:

Code review is primarily a psychological exercise.

The code is just the medium. The real work is navigating human emotions, social dynamics, and cognitive biases.1 This framing isn’t original to me. Weinberg’s Psychology of Computer Programming (1971) made similar observations fifty years ago, though the industry largely ignored it in favor of purely technical approaches.

Why Criticism Hurts (Even When It Shouldn’t)

When someone critiques your code, your brain doesn’t distinguish it from personal criticism. This isn’t metaphor—it’s neuroscience.

A landmark 2011 study by Kross et al. used fMRI to demonstrate that social rejection activates the same brain regions as physical pain—specifically the dorsal anterior cingulate cortex and anterior insula.2 The study examined people who had recently experienced romantic rejection. When shown photos of their ex-partners, the brain regions activated were nearly identical to those activated by physical pain stimuli. Code review isn’t romantic rejection, but the mechanism of “social evaluation” appears similar.

That PR comment saying “this could be simplified” isn’t just feedback on code. To your brain, it registers as a threat signal. The amygdala activates. Cortisol releases. You’re not being dramatic—you’re experiencing a genuine physiological stress response.

This explains why even mild criticism can feel devastating, and why we remember harsh feedback for years.3 Baumeister et al. (2001) found that negative events have roughly 3-5x the psychological impact of equivalent positive events—what they called the “negativity bias.” One harsh code review comment may require 3-5 positive ones to balance out psychologically.

This isn’t weakness. It’s biology.

Understanding this changes how we should approach code review. We’re not dealing with purely rational agents exchanging technical information. We’re dealing with nervous systems calibrated for social survival, interpreting every piece of feedback through an ancient threat-detection system.

The Fundamental Attribution Error

When we see others write bad code, we attribute it to their character: “They don’t understand clean code.”

When we write bad code, we attribute it to circumstance: “I was under deadline pressure.”

This is the fundamental attribution error, first described by Ross (1977), and it poisons code review constantly.

1
2
3
4
5

Their bug:   They're careless.
Our bug:     It was a complex edge case.

Their hack:  They don't care about quality.
Our hack:    We had to ship by Friday.

The FAE is remarkably persistent. Even when we know about it, we still fall prey to it.4 Gilbert & Malone (1995) showed that the FAE persists even when situational constraints are made explicit. Participants still attributed behavior to character traits even when told the person had no choice. Knowing about biases doesn’t automatically correct them. In code review, this manifests as:

• Assuming the author didn’t consider alternatives (they probably did)
• Thinking they don’t understand the codebase (they might understand parts you don’t)
• Believing they don’t care about quality (they’re probably juggling constraints you can’t see)

The antidote is systematic perspective-taking: Before commenting, explicitly ask yourself what constraints the author might be under. Make it a checklist item if you have to.

Cognitive Load and Review Quality

Here’s an uncomfortable truth: the quality of code review degrades predictably with size.

A study by Cohen et al. at Cisco found that review effectiveness drops dramatically after about 200-400 lines of code.5 The study, published in Best Kept Secrets of Peer Code Review (2006), analyzed thousands of code reviews at Cisco. Defect detection rate was highest for reviews under 200 LOC and dropped significantly beyond 400 LOC. Beyond that threshold, reviewers start skimming. They catch fewer bugs. They make more superficial comments.

This isn’t laziness—it’s cognitive load theory in action. Miller’s famous 1956 paper established that working memory holds roughly 7±2 items. Code review requires holding:

• The stated intent of the change
• The actual implementation
• The surrounding context
• Style guidelines
• Potential edge cases
• Security implications
• Performance considerations

That’s already at the limit before you’ve even read a single line.

Practical implications:

1. Keep PRs small. Not because large PRs are inherently bad, but because human cognition has limits. If your PR is 1,000 lines, you’re not getting a real review—you’re getting a rubber stamp disguised as review.

2. Review in sessions. Fatigue compounds cognitive load. Taking breaks between files isn’t inefficiency; it’s maintaining quality.6 Baumeister’s work on ego depletion (1998) suggests that self-control and focused attention draw from a limited pool. While the “ego depletion” effect has faced replication challenges, the broader point about fatigue and decision quality is well-established.

3. Provide context upfront. A good PR description reduces the cognitive load of figuring out intent. That frees mental resources for evaluating implementation.

The Social Dynamics of Review

Code review doesn’t happen in a social vacuum. It occurs within a hierarchy, whether explicit or implicit:

• Senior reviewing junior
• Junior reviewing senior (awkward!)
• Peers with different domains
• That one person who blocks every PR

These dynamics shape what gets said and how it’s received.

Power distance affects feedback. In high power-distance cultures (or teams), juniors may hesitate to critique seniors.7 Hofstede’s cultural dimensions research (1980, updated 2010) identified “power distance” as a key variable in how people relate to authority. Teams with high power distance show less upward feedback and more deference to seniority. This creates blind spots—senior engineers may have code that never receives genuine scrutiny.

Status affects interpretation. A senior’s “just a suggestion” carries different weight than a junior’s. A “this is wrong” from someone you respect lands differently than from someone you don’t.

Psychological safety determines honesty. Edmondson’s research at Harvard established that teams with high psychological safety—where members feel safe taking interpersonal risks—show better learning behaviors and outcomes.8 Edmondson’s work, particularly her studies on hospital teams (1999) and Google’s Project Aristotle (2015), found psychological safety to be the strongest predictor of team effectiveness. In code review context, this translates to whether people feel safe pointing out problems.

In psychologically unsafe environments, code review becomes theater:

• Reviewers approve to avoid conflict
• Authors over-explain to preempt criticism
• Real problems go unmentioned because raising them feels risky

The Bikeshedding Trap

Parkinson’s Law of Triviality states that organizations give disproportionate attention to trivial issues. The original example: a committee spends hours debating a bike shed’s color while approving a nuclear reactor in minutes.

In code review, this manifests as endless debates about:

• Naming conventions
• Bracket placement
• Whether to use === or ==
• Tabs vs. spaces

Meanwhile, the architectural decision that will cause pain for years? “LGTM 👍”

This happens because:

1. Trivial issues are cognitively accessible. Anyone can have an opinion on naming. Understanding architectural implications requires deep context.

2. Minor comments feel productive. Leaving a comment—any comment—signals engagement. We confuse activity with value.

3. Bikeshedding is socially safe. Critiquing a variable name is low-risk. Questioning an architecture might imply the author is incompetent.9 There’s also a selection effect: the people most qualified to critique architecture are often the ones who designed it or approved it earlier. Critiquing becomes self-critique.

How to escape the bikeshed:

• Time-box style discussions. If it takes more than two comments, it’s not worth the PR.
• Create explicit review checklists that prioritize correctness and security over style.
• Use automated linting for style issues. Humans shouldn’t be debating bracket placement.

Defensive Behaviors

Humans under criticism develop defenses. In code review, these manifest as predictable patterns:

Preemptive apology: “I know this isn’t perfect, but…”

This is an attempt to lower the bar before criticism arrives. It sometimes works—reviewers may soften their feedback when the author has already acknowledged imperfection. But it can also signal low confidence and invite more scrutiny.

Explanation overload: Covering every decision with lengthy PR descriptions to preempt questions.

The logic is: if I explain everything, there’s nothing left to critique. The cost is cognitive overload for reviewers who now have to parse thousands of words of justification.

Strategic WIP: Marking things as work-in-progress to avoid the full weight of review.

WIP status is legitimate for getting early feedback. But it’s often used as emotional armor—a way to signal “don’t judge this too harshly.”

The confidence shield: Never admitting uncertainty, even when uncertain.

Admitting “I’m not sure this is the best approach” opens you to critique. So we project false confidence. The cost: we miss opportunities for genuine input.

These defenses are rational responses to an environment where criticism is common and praise is rare. They’re symptoms of a system that hasn’t established psychological safety.

The Ratio Problem

Most code review is criticism-heavy and praise-light. This is a mistake.

Losada and Heaphy’s research on high-performing teams (2004) found that the ratio of positive to negative comments was strongly correlated with team performance. High-performing teams had ratios around 5:1; low-performing teams were closer to 1:1.10 The specific “Losada ratio” of 2.9013 has been criticized and partially retracted—the mathematical modeling was flawed. However, the broader empirical finding that positive-to-negative ratios matter for team dynamics remains supported by other research.

In code review terms: for every problem you point out, you should ideally acknowledge multiple things done well.

This feels unnatural. We’re trained to find problems—that’s the point of review, right? But purely critical review:

1. Triggers threat responses (see the neuroscience above)
2. Discourages risk-taking and innovation
3. Creates adversarial rather than collaborative dynamics

Practical approach:

• Start reviews by noting what’s done well. “Good test coverage” or “Clean separation of concerns” takes seconds but changes the emotional frame.
• Use “praise sandwiches” sparingly—they become transparent. Instead, integrate positive observations naturally throughout.
• Keep a mental tally. If you’re about to leave your third critical comment without any positive ones, pause and look for something good.

How to Review Better

For Reviewers

1. Ask, don’t tell.

“Why did you choose this approach?” > “This approach is wrong.”

Questions invite dialogue. Statements invite defense. Even when you’re confident something is wrong, framing as a question often surfaces context you lacked.

2. Distinguish preference from problem.

“Nit: I might name this differently” ≠ “This will break in production”

Make severity explicit. Some teams use prefixes like [nit], [suggestion], [blocking]. Whatever system you use, be clear about what’s optional and what’s required.

3. Explain the why.

“This is confusing” < “This is confusing because the variable name suggests X but the function does Y”

Unexplained criticism is frustrating and unhelpful. If you can’t articulate why something is problematic, maybe it isn’t.

4. Assume positive intent.

Before assuming carelessness, consider: What constraints were they under? What did they know that I don’t? What might I be missing?

The principle of charity isn’t just philosophy—it’s practical. Assuming the author had good reasons makes you look for those reasons, and often you find them.

5. Review the code, not the coder.

“This function is complex” rather than “You wrote this in a confusing way.”

The difference seems subtle but lands very differently. One critiques an artifact; the other critiques a person.

For Authors

1. Separate identity from code.

Easier said than done, but practice helps. The code is a thing you made; it’s not you. Criticism of the code isn’t criticism of your worth as a person or engineer.

One technique: mentally frame the code as something you found rather than created. “Let’s look at this code together” rather than “Let’s evaluate my code.”

2. Seek understanding before defending.

“Can you help me understand this feedback?” opens dialogue.

When you receive criticism that feels unfair, the instinct is to defend. But defending before understanding often misses the point. Seek clarification first.

3. Appreciate the investment.

Good review takes time. Someone spent their finite attention on your work. Even critical feedback represents an investment in your code’s quality.

4. Know when to let go.

Not every battle is worth fighting. If a reviewer has a strong preference about something trivial, sometimes the pragmatic move is to accept it and move on.

The Meta-Skill

The ultimate code review skill isn’t technical. It’s empathy.

The ability to imagine:

• How will this comment land?
• What was the author trying to accomplish?
• What might they be going through right now?

Code review, at its best, is collaborative improvement. At its worst, it’s ego combat with commit hashes.

The code will compile either way. But the human dynamics will determine whether your team thrives.

Now go leave a kind comment on someone’s PR. Seriously. Do it now.

Further Reading

• Weinberg, Gerald (1971). The Psychology of Computer Programming — The original text on programming as a human activity. Still relevant fifty years later.
• Edmondson, Amy (2018). The Fearless Organization — Deep dive on psychological safety in teams.
• Cohen, Jason (2006). Best Kept Secrets of Peer Code Review — Empirical research on what makes code review effective.
• Kahneman, Daniel (2011). Thinking, Fast and Slow — Comprehensive overview of cognitive biases, many applicable to code review.
• Designing a Code Review Culture — Excellent talk by Derek Prior on building healthy review practices.

Related

• The Unreasonable Effectiveness of Writing Things Down — On externalizing thinking
• What the Stoics Taught Me About Being On-Call — On emotional regulation in engineering contexts

Changelog

• 2025-12-28: Initial draft
• 2026-01-29: Major expansion. Added sections on cognitive load, psychological safety, the ratio problem. Added 15+ academic citations. Added sidenotes throughout. Restructured for depth.