Software Development Standards
Software development standards are required today for security reasons. Combined with the gains in efficiency and in the ability of teams to collaborate, that makes the use of software standards pay off.
Every software project, whether internal or external, MUST have a minimum set of software development standards. If the project is handled by an external organization, the contract must reference the software development standards that the vendor will be held to.
Failure to adhere to a minimum set of software development standards is a perfect recipe for a project disaster. This page will list a few minimum standards but will not provide an exhaustive list.
Minimum Software Standards
Calls to databases must go through stored functions, which are typically kept in one file separate from the main part of the software. Database calls should not be made directly to the database. Keeping the database-calling functions in their own file allows easy modification of the project should database requirements change.
Separation of presentation from code.
Validation of user input.
Checking the length of all input, whether user input, network input, input from files or input from any other source, to be sure the input size is not greater than the buffer size.
Required error condition checking when:
File access fails.
Registry access fails.
One or more configuration files are not available.
A library file is unavailable.
Provision to be sure library files or configuration files are not tampered with and the files are valid when used by the program.
Modification of system environment variables cannot compromise the security of the program or cause a different library or configuration file to be substituted.
A minimum amount of comments must be required per line, at the start of the program, and at the start of procedures or functions.
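The items above on input length, error checking and configuration-file tampering can be combined in one loader. The following is an added example, not part of the original page. It assumes the configuration is JSON and that a SHA-256 digest of the known-good file is pinned somewhere the program trusts; the names load_verified_config and ConfigError, the size limit and the sample values are hypothetical.

```python
import hashlib
import hmac
import json
import os
import tempfile

class ConfigError(Exception):
    """Raised when the configuration file is missing, oversized or altered."""

def load_verified_config(path, expected_sha256, max_bytes=64 * 1024):
    # A relative path depends on the working directory, so require a fixed one.
    if not os.path.isabs(path):
        raise ConfigError("config path must be absolute: %r" % path)
    try:
        with open(path, "rb") as fh:
            data = fh.read(max_bytes + 1)  # never read more than the limit + 1
    except OSError as exc:  # file access failed or file not available
        raise ConfigError("cannot read %s: %s" % (path, exc)) from exc
    if len(data) > max_bytes:  # length check before any parsing
        raise ConfigError("config exceeds %d bytes" % max_bytes)
    # Integrity check on the bytes that will actually be parsed.
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ConfigError("config digest mismatch, refusing to load")
    try:
        return json.loads(data.decode("utf-8"))
    except ValueError as exc:  # digest matched but content is not valid JSON
        raise ConfigError("config is not valid JSON: %s" % exc) from exc

def demo():
    # Constructed sample: write a config, pin its digest, then alter the file.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.json")
        original = b'{"db_host": "db.internal.example", "db_port": 5432}'
        with open(path, "wb") as fh:
            fh.write(original)
        pinned = hashlib.sha256(original).hexdigest()
        results = [load_verified_config(path, pinned)["db_port"]]
        with open(path, "wb") as fh:
            fh.write(original.replace(b"db.internal", b"db.changed"))
        try:
            load_verified_config(path, pinned)
        except ConfigError as exc:
            results.append(str(exc))
        return results

if __name__ == "__main__":
    print(demo())
```

The loader fails closed: every error path raises ConfigError, so the caller cannot continue with a partially read or unverified file.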