We suggest seven rules as follows:

• Rule #1 : Check all APIs for their failure case.
• Rule #2 : Compile with warnings on (-Wall -Wextra) and eliminate all warnings as far as is possible.
• Rule #3 : Never trust (user) input; validate it.
• Rule #4 : Use assertions in your code.
• Rule #5 : Eliminate unused (or dead) code from the codebase immediately.
• Rule #6 : Test thoroughly; 100% code coverage is the objective. Take the time and trouble to learn to use powerful tools: memory checkers (Valgrind, the sanitizer toolset), static and dynamic analyzers, security checkers (checksec), fuzzers (see the following explanation).
• Rule #7 : Do not assume anything (assume makes an ass out of u and me).

Here are some examples of how serious failures can result from not following the rules: An Ariane 5 unmanned rocket crashed early in its launch (June 4, 1996); the bug was ultimately traced to a register overflow issue, a single type casting error (rule #5). The Knight Capital Group lost $460 million in 45 minutes. Don’t assume the size of a page. Use the getpagesize(2) system call or the sysconf(3) to obtain it. Further along these lines, see the blog article entitled Low-Level Software Design (there are links to these in the Further reading section on GitHub repository).