Developer pillar · Module 4 of 6

Writing better code

Working code isn’t enough. Good code is readable, maintainable, and testable. These practices separate professionals from beginners.

← Back to Developer Fundamentals Training

Controls stack visual kit

Reusable icons and a telemetry-to-audit diagram aligned to our fundamentals and operational guides.

Governance evidence

Use for control statements that cite ISO/IEC 42001 clause 6.3 change management, EU AI Act Articles 62–75, and SOC 2 trust service criteria.

Secure supply chain

Pair with SBOM, provenance, and intake guidance that references SPDX or CycloneDX formats, SLSA Level 3 attestations, and NIST SSDF tasks PS.3/PO.4.

Telemetry & evaluations

Highlight logging of prompts, responses, refusal rates, and safety filters alongside adversarial evaluation suites from NIST AI RMF playbooks or UK AISI guidance.

Assurance & resilience

Use for incident response and assurance artefacts that must meet OMB M-24-10 24-hour notifications, CIRCIA’s 72-hour clocks, and serious-incident duties under the EU AI Act.

Signals Controls Evidence Audit

Signals: prompt traces, supplier advisories, and safety filter activations streamed into monitoring.
Controls: guardrails, change review, SBOM validation, and access enforcement tied to AI lifecycle gates.
Evidence: runbooks that capture artefacts for ISO/IEC 42001 management reviews and SOC 2 narratives.
Audit: regulator-facing packets that satisfy EU AI Act post-market monitoring, OMB M-24-10, and CIRCIA timelines.

The practices that matter

Write readable code. You’ll read code 10x more than you write it. Use clear names. Keep functions short. Comment the why, not the what.
Test your code. Automated tests catch bugs before users do. Unit tests verify individual pieces. Integration tests verify they work together.
Handle errors gracefully. Things will fail. Network requests time out. Files don’t exist. Users provide bad input. Plan for it.
DRY (Don’t Repeat Yourself). Duplicate code is a maintenance nightmare. If you’re copy-pasting, consider a function.
KISS (Keep It Simple). Clever code is hard to debug. Simple code is easy to understand. Choose simple.
Refactor regularly. Code rots. Revisit and improve. “Leave the code better than you found it.”

Code review culture

Code review isn’t criticism—it’s collaboration. As a reviewer: be kind, be specific, explain why. As an author: assume good intent, don’t take it personally, learn from feedback.

💡 The real skill

The best code is code that doesn’t need to exist. Before writing, ask: Is there a library for this? Can the design be simpler? Does this feature actually matter? The code you delete is the code you don’t have to maintain.

Free resources

Book (free online): Clean Code summary — Key concepts
Testing: Martin Fowler: Test Pyramid — How to think about testing
Video: Clean Code by Uncle Bob (talk) — Entertaining and educational

← Previous: Development tools Next: Secure coding →