The 10 Commandments of Software Engineering

Aug 278, 27270·
Mauricio Soto
Mauricio Soto
· 5 min read

A practical manifesto for those who design, build, and operate serious software. Each “commandment” is short, followed by why it matters and practical actions you, your team, or an architect can start applying today.

1. Software Quality Is a Continuous Responsibility

What true quality is: not just “fewer bugs” — but the ability of software to deliver value reliably, securely, and sustainably over time. Quality includes correctness, performance, usability, testability, observability, and ease of change.

Why good engineers care: quality reduces maintenance costs, speeds up long-term delivery, improves user trust, and minimizes financial, legal, and reputational risks.

Practical actions:

  • Define and measure meaningful SLIs/SLOs (latency, errors, availability).
  • Automated testing + design reviews before major changes.
  • Pair programming and structured code reviews with checklists.
  • Allocate 10–20% of cycles to refactoring and paying down technical debt.

2. Embrace the Hacker Mindset — Systematic Curiosity

What it is: engineers with a hacker mindset read RFCs, papers, changelogs, wikis, and review code even outside their stack. They investigate problems at the root and don’t wait for perfectly written tickets — they find the answers themselves.

Why it matters: promotes systems thinking, reduces dependency on incomplete documentation, and accelerates problem-solving.

Practical actions:

  • Dedicate weekly time for technical reading (articles, RFCs, changelogs).
  • Review code outside your stack once a week.
  • Encourage “brown bag” talks and peer learning sessions.
  • Record decisions as ADRs (Architectural Decision Records).

3. Security by Design, Not as a Patch

What it is: security starts with architecture and continues through deployment, runtime, and operations. It’s not just about encryption — it’s threat modeling, access control, dependency management, and incident response.

Why it matters: vulnerabilities scale risk exponentially. Security baked into design reduces surprises and speeds up delivery.

Practical actions:

  • Perform threat modeling for critical features and architectural changes.
  • Apply the principle of least privilege and secure defaults.
  • Automate SCA, SAST/DAST scans in CI.
  • Manage secrets with vaults and ephemeral credentials.
  • Have incident response playbooks and blameless post-mortems.

4. KISS — Keep It Simple, Seriously

What it is: complexity is expensive. Simplicity is the first form of robustness.

Why it matters: simple architectures reduce errors, make testing easier, accelerate onboarding, and enable faster changes.

Practical actions:

  • Prefer simple, direct solutions over generic abstractions (YAGNI).
  • Keep APIs small and contracts clear.
  • Avoid building internal frameworks unless truly necessary.

5. Design for Change — Modularity and Clear Contracts

What it is: systems should be organized with explicit boundaries and versionable contracts.

Why it matters: most costs come from change. Architecture that embraces change = lower long-term cost.

Practical actions:

  • Version and test contracts (APIs, events, schemas).
  • Isolate domains (bounded contexts) with low coupling.
  • Plan migrations and backward compatibility strategies.

6. Automate Everything — CI/CD and Infrastructure as Code

What it is: anything repeatable should be automated: builds, tests, deployments, infrastructure, and rollbacks.

Why it matters: reduces human error, speeds up feedback, and makes releases predictable and safe.

Practical actions:

  • Pipelines with linting, tests, security scans, and automated deploys.
  • Infrastructure as code with peer-reviewed pull requests.
  • Small, frequent deployments with feature flags.

7. Meaningful Testing and Observability from Day One

What it is: tests that validate intent (not just lines) and observability (metrics, structured logs, traces) to understand cause and effect in production.

Why it matters: you can only fix what you can see. Production is the real environment — without observability, you fly blind.

Practical actions:

  • Layered testing strategy: unit, integration, contract, e2e.
  • Define SLIs & alerts with low noise.
  • Distributed tracing on critical services; structured logs with request IDs.

8. Performance, Scalability, and Cost Awareness

What it is: don’t prematurely optimize, but design with growth and cost in mind.

Why it matters: poor performance drives users away and infrastructure costs can spiral out of control.

Practical actions:

  • Profile before optimizing; measure regressions.
  • Build backpressure, timeouts, and circuit breakers into designs.
  • Apply caching with clear invalidation strategies.
  • Run load and capacity tests regularly.

9. Collaboration, Documentation, and Collective Learning

What it is: software is social. Decisions are only sustainable if shared, understood, and documented.

Why it matters: reduces single points of failure (people), improves onboarding, and increases decision quality.

Practical actions:

  • Use ADRs for significant architectural decisions.
  • Encourage constructive code reviews: focus on learning, not punishment.
  • Provide onboarding playbooks and runbooks.
  • Run blameless post-mortems and visible improvement cycles.

If your company lacks this culture, take the initiative yourself! Create lightweight documentation, share knowledge, and support peers. If you see a new colleague struggling, be the one who helps onboard them. Small acts of leadership change culture over time.

10. Ownership, Pragmatism, and Managing Technical Debt

What it is: ownership means responsibility from design to post-deployment monitoring. Pragmatism means balancing speed with sustainability, treating technical debt as a measurable risk.

Why it matters: without ownership, no one truly operates the system. Without debt management, velocity declines over time.

Practical actions:

  • Apply “you build it, you run it” where it makes sense.
  • Prioritize debt by risk and impact — not “fix everything now.”
  • Use health metrics (MTTR, incident count, lead time) to guide investments.
  • Favor small, incremental feedback loops.

Conclusion — How to Apply This Manifesto

  • Pick 2–3 commandments with the highest immediate impact (e.g., automation + observability + threat modeling).
  • Turn them into 2–4 week experiments with measurable outcomes.
  • Record architectural decisions (ADRs) and review SLI/SLOs quarterly.

Great engineering is not about following rules blindly. It’s about making conscious trade-offs with quality, security, and collaboration in mind — while keeping software simple, observable, and resilient to change.

Software Engineering Best Practices Manifesto
Mauricio Soto
Authors
Mauricio Soto (he/him)
Frontend Software Engineer