Quality of Code

As our CTO, William Byrne (link to Linked In profile), insists, “writing good code is the most cost-effective solution.” Often, merchants look at cheaper rates from off-shore (or even on-shore) agencies or developers because they are focused on the quantity of features developed rather than the quality of the user experience. Unchecked, the mantra ‘it works, doesn’t it’ is a sure indicator of future disaster.

Unfortunately, this is a big problem in our industry. We have performed technical reviews on scores of web sites – it’s a requirement for new clients. More than half have had major issues with the quality of their code.

Inefficient Code

There are many ways to write code to perform specific operations, some of which are more efficient than others. Ideally, you want the most efficient code possible on your site because, as merchants know, a slow site also slows down sales.

Brittle Code

We connect a lot of systems across the internet to make a site work, especially B2B sites where inventory availability is pulled in real time from an ERP system, shipping quotes come from multiple vendors, and credit limits may have to be referenced as customers check out. These connections are subject to network limitations, loads causing delays in responses from connected systems, undocumented updates to API specifications, errors in response data and so on. In addition, open source platforms are not flawless and may have undocumented anomalies in the way some cases are handled.

Well-written code is solid. It anticipates the unanticipated and handles errors elegantly. We often see brittle code, even from developers whose work we generally respect. Making code solid has to be a top priority.

Insecure Code

Code that opens up security vulnerabilities is the silent killer. Performance can be great, errors properly handled, but, it can still be easily exploitable. Platforms like Oro Commerce and Magento do a pretty good job not only of producing solid core code, but, also, releasing security updates and patches as vulnerabilities are detected.

Developers who do not follow secure coding practices can create expensive legal and technical problems for their clients if they give hackers an easy target.

How to Ensure Quality of Code

Of course, this is a very broad issue, but, there are some key attributes of developers who are committed to quality:

Proper Business Analysis

Before a single line of code is written, it is important to understand the goal. While this may seem obvious, every developer has had a client come across with a request like, ‘I need my on site search to give better search results.’

A developer might start on that task by implementing the latest and greatest search best practices only to find that the challenges of the merchant are not addressed by the solution(s) he implemented.

Merchants and business analysts must think through their objectives, the underlying use cases and determine how the software should perform before it ever goes to a developer. The tighter the objectives and more well-defined the possible user actions are, the more precise the code writing can be.

Training and Instilling Standards

Every development agency should have strong technical leadership. If it does not, its output will be poor. Technical leaders ensure that standards are adhered to, that code produced meets or exceeds expectations and that collateral effects (some might say ‘damage’) are minimized.

Non-technical or semi-technical folks often assume that writing code is principally a technical endeavor. While it is true that code that is technically incorrect is bad code simply because it doesn’t work, there are many ways to write code correctly. Training developers to write code that adheres to standards of performance, readability and durability is an ongoing pursuit for quality development agencies.

Good develops like Razoyo will get together often to read and comment on each others’ code. Developers improve your code base by gleaning new insights from the work of the entire group. Code readings and rigorous Quality Assurance reviews by the technical leaders help keep the code quality high.

Version Control

If you have ever collaborated with a group of people to write a document, you know the importance of good version control. Knowing what was written by whom and for what reason is as important as knowing which version of the document is most up to date.

Word processing programs generally have a review feature that can be turned on and used to roll the document back to prior versions, allow an editor to accept or reject individual changes and request clarification for suggested changes.

Because writing code is a team effort that can span years as web sites evolve, the ability for developers to review the history of changes and comments made as new code is written and applied is critical. Version control systems allow you to do so.

Razoyo currently uses Git for version control, as do many reputable developers.


There are many types of testing that go into your customizations of your ecommerce system. We find the best results come from multi-layer testing:

  • Unit testing: A developer testing his code to make sure it fulfills the requirements
  • Feature testing: A business analyst or project manager trying to break the new feature created by the developer
  • Regression testing: Automated and manual testing of a web sites features on different browsers, devices and operating systems to make sure the developer and business analyst didn’t break something else

Testing can be more or less extensive depending on the project at hand. While critical, testing is only one supporting actor. Quality of Code is a process, a practice that is part of our essence.

Costs of bad code can include:

  • increased cost of extending poorly written features
  • unintended negative consequences elsewhere
  • poor customer experience
  • reduced conversion rates
  • increase in cost of customer support
  • security breaches and liability thereof

A Magento client, through their advertising agency, had some structural Search Engine Optimization (SEO) work done on their site before working with Razoyo. Through a code comparison, we found malware in their checkout modules. The SEO company either on their own, or, by a back door they left open, was siphoning off credit cards to a server in Russia. We immediately plugged the leak, but, the client had to alert his customer base about the breach and reset all customer passwords.

Proper code management and QA practices by the client would have avoided this situation.

Developer Bait (treats)