1. Development Process
The development process is where bugs and defects start. Take advantage of tools that help you avoid or find these problems before you release:
Consistent use of a coding standard can lead to more maintainable code, especially in code bases written and maintained by multiple developers or teams. Tools such as FxCop, StyleCop, and ReSharper are commonly used to enforce coding standards.
Developers: Carefully consider violations and analysis results before suppressing them. They identify problems in code paths that are less unusual than you expect.
Code review and pair programming are common practices that task developers with deliberately reviewing source code written by others. Others will hopefully recognize mistakes made by the author, such as coding or implementation bugs.
Code review is a valuable practice, but it is fallible because it relies on humans, and it can be difficult to scale.
Static analysis tools analyze your code without running it, looking for problems such as coding standard violations or defects, without requiring you to write test cases. Static analysis is effective at finding problems, but you need to choose tools that identify valuable problems without too many false positives. C# static analysis tools include Coverity, CAT.NET, and Visual Studio Code Analysis.
Dynamic analysis tools analyze your code while it is running, helping you look for defects such as security vulnerabilities and performance and concurrency problems. Dynamic analysis examines the code in the context of the runtime environment, so its effectiveness is limited by the testing workload. Visual Studio provides a number of dynamic analysis tools, including the Concurrency Visualizer, IntelliTrace, and Profiling Tools.
Managers/Team Leads: Leverage development best practices to avoid common pitfalls. Carefully consider available tools to ensure they are compatible with your needs and culture. Commit your team to keeping the diagnostic noise level manageable.
There are many types of tests, such as unit tests, system integration tests, performance tests, and penetration tests. In the development phase, most tests are written by developers or testers to verify that the application meets its requirements.
Tests are effective only to the extent that they exercise the right code. It can be challenging to maintain development velocity while implementing both functionality and tests.
Development Best Practices
Invest the time to identify and configure tools to find problems you care about, without creating extra work for developers. Run analysis tools and tests frequently and automatically, to ensure developers address problems while the code is still fresh in mind.
Address all diagnostic output—whether it’s compiler warnings, standards violations, defects identified through static analysis, or testing failures—as quickly as possible. If interesting new diagnostics get lost in a sea of “don’t cares” or ignored diagnostics, the effort of reviewing results will increase until developers no longer bother.
Adopting these best practices helps improve the quality, security, and maintainability of your code as well as the consistency and productivity of developers and predictability of releases.
| Benefit | Practices | Description |
|---|---|---|
| Consistency, Maintainability | Coding standards, static analysis, code review | Consistent spacing, naming, and formatting improve readability and make it easier for developers to write and maintain code. |
| Correctness | Code review, static analysis, dynamic analysis, testing | Code needs to not only be syntactically valid, but it must behave as the developer intends and meet project requirements. |
| Functionality | Testing | Tests verify that code meets requirements such as correctness, scalability, robustness, and security. |
| Security | Coding standards, code review, static analysis, dynamic analysis, testing | Security is a very complex problem; any weakness or defect can potentially be exploited. |
| Developer productivity | Coding standards, static analysis, testing | Developers implement code changes more quickly when they have tools to identify mistakes. |
| Release predictability | Coding standards, code review, static analysis, dynamic analysis, testing | Streamline late-phase activity and minimize fix cycles by addressing defects and problems early. |