Software project best practices checklists
by Kristóf KOVÁCS (kkovacs.eu)
Please keep in mind that every environment, company, and situation is different. These checklists should always be read with "...if applicable" implicitly added.
Checklists for the preparation of the project
Specifications / Requirements / RFP
Price quote / Bid
Project start
Checklists for development
General principles
Does everyone remember the KISS principle ("Keep it simple, stupid") and Occam's razor ("the simplest explanation or strategy tends to be the best one")?
Are unfinished/unpolished parts of the code clearly marked with "XXX"?
Is UTF-8 used for everything? Databases. Tables. DB connections. Strings. Content-type. All should be UTF-8.
Are compilation and any code generation automated? (Makefile, Ant, Maven, etc.)
Does every piece of input that comes from an untrusted source (i.e. the user, or other systems) get filtered? (Invalid characters, invalid type, etc.)
Do we prevent the users from uploading dangerous files? (php, cgi, exe, etc.)
Are all forms validated for consistency on the server side? (And, as needed, on the client side?)
Do all the files in the project use the same indentation? (Tabs vs spaces, indent size, etc.) Automated enforcing tools (like "gofmt") are preferred.
Is the code sufficiently (but not overly) commented?
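An added example for the items on untrusted input and dangerous uploads above (not part of the original checklist): a server-side upload check that uses an allowlist and verifies the content, rather than only blocking a few known-bad extensions. The function name `check_upload`, the allowlist and the list of executable extensions are assumptions to adapt to the application.

```python
import os
import unicodedata

# Constructed allowlist: extension -> accepted leading magic bytes (assumption;
# list only the file types the application actually needs).
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}
# Extensions rejected anywhere in the name, because some server configurations
# execute "name.php.jpg" based on the inner extension.
EXECUTABLE = {".php", ".phtml", ".cgi", ".pl", ".exe", ".sh", ".jsp", ".asp"}


def check_upload(filename, content):
    """Return (accepted, reason) for an uploaded file. Hypothetical helper."""
    name = unicodedata.normalize("NFC", filename)
    # Reject control characters (including NUL) and any path component.
    if any(ord(c) < 32 for c in name):
        return False, "control character in name"
    if name != os.path.basename(name.replace("\\", "/")):
        return False, "path component in name"
    # Windows strips trailing dots and spaces, so "x.php." is stored as "x.php".
    name = name.rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing name or extension"
    extensions = ["." + p for p in parts[1:]]
    if any(e in EXECUTABLE for e in extensions):
        return False, "executable extension in name"
    magics = ALLOWED.get(extensions[-1])
    if magics is None:
        return False, "extension not on allowlist"
    # The declared type must match what the bytes actually are.
    if not content.startswith(magics):
        return False, "content does not match extension"
    return True, "ok"
```

Accepted files should still be stored under a server-generated name, outside any directory the web server executes from.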
Task Tracking
Source control
Testing
Checklist for operations and maintenance