
So, you’re a developer. You’ve thought about offering code audits, but maybe you haven’t had a clear idea of what your code audit should provide, why clients go seeking one, or how to price the service.

In January, we covered the questions clients need to ask their developer before getting a code audit, and offered some guidance on how to vet their vendor. This time around, we’re going to cover the developer side of things: why clients seek code audits, what questions you need to be asking before you get started, and how code audits lay a good foundation for a future relationship with your clients.

Why Clients Look For Code Audits

Yes, of course, there’s a ton of information available on the internet, including all the information that a client could need regarding the basics of site performance and functionality. Most clients, however, either don’t have the time to do this research, or don’t have the technical expertise to make sense of it all.

Code audits benefit clients by empowering them to make informed choices about the future of their technology.

When clients come to you asking about code audits and an assessment of their technology, they’re looking for the extensive knowledge that lets you look at their code, quickly parse the information, and determine which things are worth building on.

Basic Code Audit Questions

There are a few standard questions every developer should ask before diving right into someone’s code.

What type of project are we auditing?

Knowing what kind of project your client is looking to have assessed is vital to understanding how much time it will take you–and whether or not you’re a good fit for the project. Is it a website audit or a full-scale plugin? An eCommerce site or an app? Knowing what you’re looking at upfront helps you figure out if you have the right expertise to do your client justice…and what kind of scope you’ll set out for your clients.

Are we auditing code that has been custom written by a previous developer or is this a distributed plugin that we’re assessing?

Knowing the origins of the code can help you set your expectations. Custom code created by another developer may take longer to dissect, especially if something is buggy. Is the developer someone you know? If so, that gives you informative context on what you’re dealing with–and provides a point of contact for figuring things out. If not, you know that it may take you longer to dig through and assess what is happening with the code at hand.

If it’s a plugin downloaded from the WordPress Plugin Repository, you know that checking on when it was last updated, as well as going to the plugin page to look over developer updates and reviews, will be a part of your process.

The Most Crucial Thing Developers Need to Understand

The key to delivering a valuable code audit is understanding your client’s underlying goals. If you’re lucky, your client understands their own business goals, and has mapped out the future of their business, too. That information is an enormous assist in guiding you through this process.

The scope of a code audit can vary wildly depending on a client’s objectives.

Here are just a few reasons our clients have sought out code audits:

They want to get rid of a tool, but need a good reason.

Sometimes, a client doesn’t like a tool, but they don’t have the technical knowledge to evaluate whether or not it’s a necessity. They need someone to assess if this tool is truly their best option–or even something they need at all.

There’s a plugin that is freely available, but they want to make sure it’s contributing to a solid technical foundation for their business.

Our websites are our online real estate. A shop owner wouldn’t want to open up their store in a crumbling building, and business owners don’t want to open up their shop on a lousy website. They’re coming to you to find out whether these distributed plugins are their best choices and will set them up for future success.

Their site is custom built, but it’s slow, and they suspect the custom build may be the culprit.

This is fantastic information, because it tells you, the developer, that they’re looking for a performance-based evaluation. Now, you know you need to find out more information about their business before getting started. Maybe their business has outgrown their site; the code they had built was once working, but now, it can’t scale. This gives you an opportunity to evaluate performance in a specific, measured way, and give recommendations accordingly.

Their business has changed, but their technology hasn’t.

For example, some plugins do well if they’re on a site that has no users logged in. However, if that same site has switched to a subscription model, it won’t have caching layers that allow the plugins to run as smoothly. Your client may not know this difference. All they know is that they made the switch when they needed to shift their business model. They didn’t recognize the impact it would have on their technology.

Understanding the history of your client’s business (and the trajectory of where they intend to go) provides context regarding what needs to be assessed and what kind of upgrades would serve them best.

There are two plugins that do the same thing, but which one is best for their site?

Once again, this comparison may be available out there on the internet, but they want your expert insight. If you’ve assessed your client’s business goals and trajectory, you can make a recommendation based on their specific business model. That’s a boon for both you and them! It means that you have something to offer that they can’t get anywhere else.

What About Pricing?

One of the toughest quandaries of them all! Code audit pricing can differ wildly depending on the client. We’ve quoted simple code audits at anywhere from $2,500-$5,000, and have quoted much more complex audits of entire platforms/systems for $50,000+.

Why the disparity?

Three crucial factors come into play:

The deliverable

As we’ve said before, we offer a comprehensive deliverable, filled with detailed information. We take a pragmatic approach, and provide a transparent, realistic look at associated costs with the recommendations we make.

Your clients will need to know what they can expect from you. Is it a document or a confirmation email? Is it a walkthrough on a call? The details of the deliverable determine how much time it will take to create and what value you’re providing.

The scope of the audit

If you’re already a working developer, I don’t have to tell you how scope impacts cost. When pricing services, you need to know what kind of assessment is needed and how much time it will take.

The amount of experience you have

Although we’d all like to dive in and make a bazillion dollars at the start, less experience usually dictates a lower rate. Do the research on what other developers in the same experience bracket are charging. Evaluate what your time is worth (and don’t fall prey to Imposter Syndrome!). Realistically assess how your experience (or lack thereof) informs your expertise and turnaround.


Code Audits: Good for Your Clients and You

Code audits benefit clients by empowering them to make informed choices about the future of their technology. A successful code audit gives your client the opportunity to accurately assess the current state of their tools. It allows your clients the chance to evaluate recommendations, knowing that they were made with their business goals in mind.

It doesn’t just benefit them, though. It also benefits you.

Code audits give you an opportunity to develop new working relationships, and lay groundwork for a long-lasting partnership. The code audit is something you can build on with your client. Whether that leads to implementing the recommendations you make or to future development overhauls, the options are endless! This is a low-commitment way to spark a relationship…if you do it right.
