My understanding of building software is not only coding for the software but also creating the foundation for the whole software development lifecycle plus operation. This is my mind map for leading a team to build web services/applications.

 

1.     Team

With an initial understanding of the task, the first priority is to assess the plan and the resources we have.

a.     Do we have sufficient engineers with the required skills?

b.     Is the team balanced:

                                               i.     Frontend vs backend engineers

                                             ii.     QA vs DEV engineers

                                            iii.     Development task vs teammates’ growth desire

c.     Does the plan need/allow recruiting and outsourcing?

d.     Do we need any knowledge acquisition?

2.     Technical solution

a.     Requirement analysis

                                               i.     Functional requirements.

                                             ii.     Non-functional requirements:

1.     Traffic and performance expectations: they affect the scalability solution

2.     Security

3.     SLA: it affects the failover and DR solution

4.     Where the target customers are: it affects the network solution and applicable laws.

5.     Laws and regulations: they could affect a lot but mostly influence the data persistence solution.

b.     Tech stack - these are the considerations for choosing tech stacks:

                                               i.     What’s the current team’s and the company’s stack?

                                             ii.     Does the technology match the requirements?

                                            iii.     Estimation of development cost and maintenance cost based on the tech stack.

c.     Engineering:

There are some broadly recognized engineering solutions for improving reliability, development efficiency, security, and maintenance efficiency. We should consider adopting these solutions based on available resources.

                                               i.     IaC

                                             ii.     Unit testing and TDD

                                            iii.     Automation

                                            iv.     CI/CD

                                              v.     Code scan tools for security, test coverage, and code smells.

d.     Architecture

                                               i.     Security architecture

1.     Credential management

2.     Isolation approach

3.     Encryption solution

4.     Cybersecurity for web

a.     WAF

b.     Defense for top OWASP security risks

                                             ii.     Data persistence solution

1.     SQL, non-SQL

2.     Database vs object storage

                                            iii.     Frontend

1.     Framework

2.     Design system

                                            iv.     Backend and scalability

                                              v.     Infrastructure:

1.     On-premise vs Cloud

2.     Which cloud service provider

3.     Serverless vs server

                                            vi.     Disaster recovery solution

1.     Auto failover

2.     Data replication and backup

3.     Project Management

a.     Cost management:

                                               i.     Cost of outsourcing if any

                                             ii.     Cost of infrastructure

                                            iii.     Cost of procurement (license)

b.     Communication management:

                                               i.     Daily work tools like JIRA, IM and virtual meeting tools

                                             ii.     Knowledge management:

1.     Light solutions like normative Readme files

2.     Heavy enterprise knowledge management tools

c.     Quality Management

                                               i.     Test case management

                                             ii.     API test

                                            iii.     UI test

                                            iv.     Performance test

                                              v.     Penetration test

4.     Operation

a.     Service monitor

                                               i.     Function

                                             ii.     Performance

                                            iii.     Penetration

b.     Incident management

                                               i.     Runbook and escalation procedure

                                             ii.     External communication plan

c.     DevOps and change management

d.     Logging system

e.     Configuration management