How to Evaluate a Software Company

From campus.mephi.ru


Evaluating Programming

Ask what CMS will be used, and what experience they have writing custom code for that CMS. If they just mention a third-party CMS and say they use third-party plugins for it, and your project isn't just a very off-the-shelf kind of thing, run for the hills. You need someone who can actually make things, not just plug them together.

You should ask to see examples of specific new functionality they have implemented themselves.

Evaluating Past Experience

You should not expect the company to be able to show another project they have done which is very similar to your own, as this is unreasonable. However, you should look to see projects of a similar kind of complexity and seek to ensure they understand the general traits of your website. For example, expect to see experience writing social websites if you need social functionality.

Evaluating Security

Ask what particular process is used to ensure new code is secure. Ask them on the phone (i.e. without giving them time to prepare) what a 'CSRF vulnerability' is. Of course, your phone contact may be a manager, but you can ask them to connect you to a developer. If they cannot connect you to a developer, the "we don't actually do programming in-house" flag should go up: raise your shields, mix your metaphors, and politely slam the phone down.

CSRF stands for "cross-site request forgery" and is a vulnerability where a hacker creates an 'evil' third-party website and persuades an administrator to go to it, and that 'evil' website makes the administrator's browser send a request to the administrator's own website, under their logged-in session, instructing it to do something such as delete content. If they cannot explain this clearly, you should be extremely concerned that the programmer is not experienced (there are a lot of programmers who have a very focused/limited knowledge of things). Don't let them come crawling back later about how they have "learnt new things", because this will just be illustrative of hundreds of critical holes in their knowledge and a lack of competency and professional integrity.
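An added illustration of the mechanism described above (not code from the original page): a Python sketch showing why a handler that trusts only the session cookie accepts a forged request, while one that also requires a per-session token refuses it. The handler names, the in-memory session store and the sample requests are hypothetical and constructed for this example.

```python
import hmac
import secrets

# Constructed in-memory session store for the illustration (hypothetical).
SESSIONS = {}  # session id -> {"user": ..., "csrf_token": ...}


def login(user):
    """Create a session with a random per-session CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(32)}
    return sid


def delete_page_cookie_only(request, pages):
    """Weak handler: the session cookie alone authorises the action."""
    if SESSIONS.get(request["cookies"].get("sid")) is None:
        return 403
    pages.discard(request["form"]["page"])
    return 200


def delete_page_with_token(request, pages):
    """Hardened handler: also requires the token embedded in the site's own form."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 403
    sent = request["form"].get("csrf_token", "")
    # Constant-time comparison; a third-party page cannot read this token.
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return 403
    pages.discard(request["form"]["page"])
    return 200


def make_requests(sid):
    """Constructed sample requests: one from the site's own form, one forged."""
    genuine = {"cookies": {"sid": sid},
               "form": {"page": "old-news",
                        "csrf_token": SESSIONS[sid]["csrf_token"]}}
    # The browser attaches the cookie automatically, but the other site
    # cannot know the token, so the field is absent.
    forged = {"cookies": {"sid": sid}, "form": {"page": "home"}}
    return genuine, forged


if __name__ == "__main__":
    genuine, forged = make_requests(login("admin"))
    print("cookie only:", delete_page_cookie_only(forged, {"home"}))
    print("with token: ", delete_page_with_token(forged, {"home"}))
```

A developer who understands CSRF should be able to explain why the second handler behaves differently, and which mechanism their CMS or framework uses to do the same job.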

Evaluating eCommerce

If you are doing credit card processing, ask them what you need on the server for this to work, and any official processes you need to go through. They may say you should use an external processor, like PayPal, which is fine, but ask them to explain what you would need to do if it were all on-site. They should mention a PCI compliance audit, needing a dedicated IP address, and buying an SSL certificate. A manager might not know this, but between a manager and a developer (you may need to talk to both), somebody should.

Evaluating Project Management

Ask what process will be used for managing the product. In other words, the web design company and the client typically have a similar kind of mindset:

- keep things simple
- concentrate on SEO
- drive sales hard
- keep the price low

Because cost is low, and the earning potential is also quite low due to the low-end quality of the built websites, all involved in the market tend to operate quite low on the earning pyramid (with an aspiration to rise higher, of course).

For some companies, this works very well.