We employ a multi-tier application design to ensure application security and robustness. All components are distributed across multiple instances deployed within private networks, which prevents communication with the outside world except through our load balancer, which exposes a single open port (443 HTTPS).
We have documented development and QA processes to ensure the code quality of our application. Bugs are fixed before new work commences, and new features are developed to well-defined specs. We follow industry-standard guidelines such as OWASP, and all code is subject to peer code review before being released for QA.
We score 10 out of 12 on the Joel test, missing only point 11.
All code, including infrastructure automation, is stored in secure source control repositories.
A complete suite of unit and end-to-end tests is maintained for all application components. These tests are run automatically when new code is pushed to the source control repository and all developers are notified of failing tests.
All new features and code are subject to extensive testing on a staging environment prior to production deployment. New features are also regularly demoed internally during development, meaning that new code has been rigorously tested multiple times before release.