In my courses, there is always a discussion of ethics focusing on the responsibilities we have to protect the public in our technology-focused work. Particularly in my software development classes, we review the IEEE/ACM Code of Ethics and discuss in detail the individual responsibility every software developer has to maintain high standards in their work and protect the public from danger and damage that could result from flaws in their work. But here’s the dichotomy – individual responsibility versus company immunity. I stress individual responsibility for poor-quality code in my classes, and yet major software companies have made themselves immune in their licensing agreements from damages resulting from defects in their code. This creates an impossible situation, particularly when we talk about security breaches and hacks resulting from insecure code development. What is the incentive to develop secure or high-quality code from the ground up, when it appears the only real duty is to send out updates and patches that create even more problems? How do we reinforce individual ethics when employers have created tremendous loopholes to make themselves immune from similar responsibility? We have tried to legislate corporate ethics through SOX and other legislation. Do we need a similar approach to encourage ethics in software development?

1 comment
April 14, 2010 at 1:18 pm
Vlad
Even though I work in a different field now, ethics are still a large concern. Where I’ve seen ethical development fail is when there’s no demand coming from the top of the food chain. Sometimes, very difficult decisions need to be made because you’re responsible for delivering a project on schedule.
For example, if you can ship product but have to skip a beta-testing phase, do you do it? In some companies, beta-testing is an absolute requirement. In others, shipping product on time is an absolute necessity. If the executive team doesn’t understand the importance of a beta phase, then you’re forced to comply.
The problem with ethical development is the fact it’s a gray line. How will users know a beta-testing phase didn’t occur? How will this be legislated? In this instance, I would propose a “freeze-state” in development. When the product is ready to ship, a third-party board must initiate a state where any more tampering with the code is locked down for a period of 30 days. Only after the period has passed can the software get fully “certified” for release.