These are general principles that guide all projects. Or at least, these are the principles that I adhere to and enforce for my projects:
- Security is the top concern. We respect local policies and permissions (in particular, we never try to work around them). We write defensive code that does not allow people to intentionally or inadvertently compromise their system through our software.
- Our software is a guest on the user's machine. We ask permission before doing anything interesting or dangerous. We leave if asked, and clean up after ourselves.
- We respect privacy. Our software excels at what it is advertised to do, and does nothing else. We take only the personal information required to operate (if any), do not move it off the host computer without explicit permission, and never share it with third parties.
- We are stable. Our software can run continuously for weeks or months or years and not crash due to leaks or other problems. We handle invalid inputs and behaviors gracefully.
- We are fast and frugal. Every bit of software is profiled and timed. We use the minimum resources required to do the job, and do it fast.
For security tips, see the SANS Top 25 Most Dangerous Programming Errors: http://www.sans.org/top25errors/