Out of question software deliverables

Any software product, especially in this era, the era of technology and connected everything, must have the following set of features, I call the out-of-question software deliverables:

  • Security
  • User Experience
  • Performance.

Regardless of the size of any software force, whether an individual developer doing freelance at home, a small team of 3–5 developers, or a big company dedicated to the industry of software development, they all do have a process. A written best practice, a proven method, or a standard set of rules and conventions that the team agreed to follow. These rules enable the product/software development life-cycle to continue to go on and on smoothly, from requirement gathering to design, development, testing, reporting, and fixing bugs until the final delivery.

It is not accepted anymore not to follow the best practices nor to have a slow application suffering from doing basic tasks, especially with the exponential growth of the processor’s power. The lame answer for such issues is: the customer didn’t ask for it, the client did not include it in requirements documents that he signed, or the customer did something wrong, the user didn’t follow the instructions, or the user needs to learn how to use the system. You might yourself heard better or lame answers.

In this post, I demonstrate the leading technologies that I think any should include when building software, regardless of its business, customer, programming language, or the development process or methodology followed, those are the out-of-question software deliverables.

Security

It was almost 10 years ago when one of my friends worked on an Arabic version, HI5, yes, that was before Facebook, the moment I figured out the password is stored plainly in the cookies, alt + F4 and I never went back to that site. Number 1 is always security. No matter how almost everybody, including big companies, emphasizes safety, data protection, and encryption, you still find a lot of them who fall under that bridge.

The modern secure applications should protect all types of data during:

  • Data processing: within the memory when access is only granted to the allowed process by the secure operating system.
  • Data storage: whether stored in a local XML file or a database in the cloud, the application should encrypt critical data using proven symmetric (AES) or asymmetric (RSA) algorithms. Never store user’s password, hash them but please don’t use MD5, while sensitive credit cards information should be strongly encrypted following industry standards (PCI standards for the payment processing applications)
  • Data Transmission: within the network, through the web or the cloud, SSL/TSL should be enforced, never transmit your data plain.
  • Authorization: don’t trust people and apps, keep verifying
  • Typical attacks: application injection, JavaScript injection, cross-site posting, and SQL injection are still common, using the proper practices or modern platforms, such attacks are useless.

That means data should be safe all the time, from system users, administrators with power privileges, and of course, hackers. Ensuring use’s identity is a must; no one should be ever allowed to manipulate data intentionally or unintentionally. Name any development platform or language; they all do support and enforce all the critical encryption algorithms and practices. Depending on the application, developers should use multiple security levels to enforce security rules on the application, database, servers, and communication channels.

Performance

It is not the case anymore, where people can wait for days or weeks to travel from a city to another; every information should use the speed of light. Unless your application is doing complex algorithms and calculations, most of your basic operations like data retrieval and manipulation, should be instant. For example, a banking system is considered one of the top critical apps where security is more preferred than performance or convenience. Industry standards require certain restrictions to limit and manage the window of fraud. So you can ask the user to login to his account using a certain process, or a combination of several factors, such as OTP linked only to his mobile, force a particular IP, region or location, or even a personal checkup and approval.

If your application is taking too much time to load or to perform an operation, question yourself, you must have done something wrong. If you think that the delay is reasonable, you should quit and find another job.

User experience — UX

Medium, the popular blogging website, is one of my favorite examples in perfect user experience. It delivers only the expected in a simple, minimal, and unique experience. You can find many definitions for an excellent user experience. Some call it Apple 😉 others have published theories and papers on how to deliver the best application user experience. I see it as a continuous effort towards making users smile using your request.

There are several concepts/ practices for delivering an excellent user experience. Such as, providing simplicity; keeping everything to the minimum required level, no need to fill the screen with all the menus, features, and functionalities, show only what you think it is important for the user to perform the task. Also, keeping the number of clicks to the minimal is a key factor, this means to accomplish any task in your application starting from the home page, the number of clicks should be as minimal as possible. Some suggest 3 as the magic number, but as long as you measure that factor, then you are on the right track.

Environment specific features deliver an impressive experience to the user. If he is a loyal Android user and your application uses an Android-specific gesture or widgets, he feels home, or for Windows applications, you can add live tiles and so on.

User guidance; the application should be user-friendly; i.e., self-explanatory, no need for user manuals or training, the app should be easy to the degree the users feel they have used it before even during their first time.

UX efforts should be taken seriously in the application development life-cycle, put in the correct place, before, during, and after development. If not, the application will be very complicated to use. Users will be required to have a Ph.D. degree to do the basics.

That was my list of Out-of-question software deliverables, do you have your own list for Quality software development? Please share it in the comments.