Development Best Practices for a
New Development World
Hugh Wood
Rencore GmbH, United Kingdom

ISO-25010
System/Software Product Quality
#ESPC17 TH19 - Development Best Practices for a New Development World

Portability
Performance
efficiency
Compatibility
Maintainability
Security Reliability
Usability
Software Quality
#ESPC17 TH19

Functional
Suitability
Completeness
Correctness
Appropriateness
Ensure the solution covers
all the user required tasks
Ensure the solution
provides correct results,
with the correct degree
of precision
Ensure the user can fulfil their
goal without too many unnecessary
steps
#ESPC17 TH19

Out of
the box
Custom
solution
vs
COMPLETENESS
#ESPC17 TH19

CORRECTNESS / APPROPIATENESS
Is SharePoint the solution?
Are all functional points going to be covered?
Can you deliver with the new technologies restrictions?
#ESPC17 TH19

Response and throughput
rate of the system
What resources and how much of
the resources will be used during
operation and installation
Check the maximum storage or
users, and the maximum limits
of the proposed solution
Performance
efficiency
Time behaviour
Resource utilisation
Capacity
#ESPC17 TH19

TIME BEHAVIOUR
• Server dependency on requests / second
• End user machines, including mobile
• Network speed and latency
#ESPC17 TH19

RESOURCE UTILISATION
• Device Memory
• Network Bandwidth
• Browser Used
#ESPC17 TH19

TIME BEHAVIOUR
AN EXTERNAL CDN IS A DIRECT TRADE OFF OF SECURITY
TO GAIN PERFORMANCE
DO YOU REALLY GAIN PERFORMANCE?
#ESPC17 TH19

TIME BEHAVIOUR
• Brower Cache TTL
• CDN round trip with SSL
• External CDNs are insecure
(More on security later…)
#ESPC17 TH19

CAPACITY
• Max List size
• Site Collection quota
• Network bandwidth
• Possibility of multiple solutions
per page
#ESPC17 TH19

Compatibility
Co-existence
Interoperability
Ensure smooth operation
without interrupting other
functionality
Degree to which information
can be exchanged with other
systems
#ESPC17 TH19

CO-EXISTENCE
• Multiple framework versions on a single page
- Namespace React/Redux instances
- Global variables are always in a Namespace
• API tokens
- Multiple parts using the same remote API
• External connections
- Connections aren’t greedy
#ESPC17 TH19

INTEROPTABILITY
• Sharing information / data
• Sharing states
• Centralised processing
• Stay self contained with only
controlled interaction
#ESPC17 TH19

Degree user can recognise the system
is appropriate for their needs
Degree of simplicity to learn
how to use the system
Usability
Learnability
Appropriateness
recognisability
Operability
Error tolerance,
Simplicity of use
#ESPC17 TH19

Usability
User Interface
aesthetics
User error
protection
Accessibility
Pleasing and easy to
use design
Protection against
making errors
Accessibility based on policy and
system required, including access
for disabled users
#ESPC17 TH19

APPROPIATENESS / RECOGNISABILITY / LEARNABILITY
• Interface design
• Simplify UX
• Branding
#ESPC17 TH19

OPERABILITY / USER ERROR PROTECTION
• Error tolerance / Protection
• Simplicity of use
#ESPC17 TH19

USER INTERFACE AESTHETICS
• Branding
• Simplicity
#ESPC17 TH19

USER INTERFACE AESTHETICSOffice UI Fabric
#ESPC17 TH19

ACCESSIBILITY
• Use colour and shapes
• Contrast
• Use CSS focus with keyboard
• Pay extra attention to forms
• Make a components purpose clear
• Don’t use hover states
#ESPC17 TH19

Reliability
Maturity
Availability
Fault tolerance
Recoverability
Reliability under normal operation
Availability when required for use
Tolerance to hardware or software failure
How recoverable a system is
in case of a failure
#ESPC17 TH19

RELIABILITY
• Partial states where possible
• Robust execute of remote calls
• Remote servers
• Cross browser testing
• Functional point testing
#ESPC17 TH19

Security
Confidentiality
Integrity
Non-
Repudiation
Accountability
Authenticity
Only authorised users have access
Prevention from external intrusion
from unauthorised access
Ability to audit intrusion in order to
repudiate further attempts in the future
How easily actions can be
traced to a unique entity
How easily authentication proves
the identity of an entity
#ESPC17 TH19

DATA BREACH
> 23%
£3.11 Million
#ESPC17 TH19

CONFIDENTIALITY / AUTHENTICITY
• Ensure proper token handling
• Limit external connections
• Third party libraries
#ESPC17 TH19

INTEGRITY
• Ensure external connection authenticity
• CDNs…
#ESPC17 TH19

CDNs
https://www.researchgate.net/figure/221632001_fig1_Fig-1-Content-Delivery-Network#ESPC17 TH19

NON-REPUDIATION / ACCOUNTABILITY
• Not all interactions are logged by SharePoint
• Track in order to close intrusions quickly
• Include external API access in logging
#ESPC17 TH19

Maintainability
Modularity
Reusability
Analysability
Modifiability
Testability
Discrete design that allows modular
replacement of components, with minimal
impact on other systems
Degree assets can be used in
multiple systems
Degree system can be analysed to diagnose
deficiencies or causes of failures
Ease of modifiability without
degrading product quality or
introducing defects
Effectiveness and efficiency of test criteria,
being able to determine test criteria have
been met
#ESPC17 TH19

MODULARITY / REUSABILITY / MODIFIABILITY
• Build components from the
smallest part up
#ESPC17 TH19

#ESPC17 TH19

MODULARITY
Main app
Label
Current page
Button
List box
List items
Current sub page
Summary view
Add new button2
#ESPC17 TH19

ANALYSABILITY / TESTABILITY
• Build test strategy around function points
• Keep code refactored
• Automated or manual code review
#ESPC17 TH19

Portability
Adaptability
Installability
Replaceability
Ease of transfer from one environment
to another
How easily the system can
be deployed and redeployed
Degree in which the software can
replace another specified software
in the same system
#ESPC17 TH19

ADAPTABILITY / INSTABILITY/ REPLACEABILITY
• Follow Office Dev PnP in all the things
https://dev.office.com/patterns-and-practices
#ESPC17 TH19

Portability
Performance
efficiency
Compatibility
Maintainability
Security Reliability
Usability
Software Quality
#ESPC17 TH19

THEEND
Twitter: @HughAJWood
Email: hugh@Rencore.com
#ESPC17 TH19