The following is a research report on Ethics in Software Engineering I wrote as part of my honors studies. In the process of writing the report I became increasingly aware of the responsibility lying on the shoulders of software developers, how software failures have impacted peoples lives and the damage it can cause - such as a world war (well, almost). The report focuses primarily on the following topics:
- How software developers view software faults
- Defining ethical practices in Software Engineering
- Software Engineering ethics in education
For this report I relied only on published scientific research material. In future posts I plan to expand on some of these topics and include information from other sources.
Ethics in Software Engineering
Software Engineering is impacting society on an increasingly greater scale (Gotterbarn, Don 1999). This paper explores how Software Engineering practitioners deal with this responsibility and touches on how the public at large view faults and mistakes made by Software Engineering professionals. In an attempt to define ethics in Software Engineering, the Code of Ethics as defined by the ACM and IEEE-Computing Society is explored as well as other views, one of which is not in agreement that the Code of Ethics is necessarily the solution to the ethics issue. Furthermore, the topic of ethics in Software Engineering education is explored – specifically whether students are sufficiently trained and whether and how the current situation can be improved.
The Problem of Minimizing Responsibility
Software Engineering has been described as being a craft more than it is a science, and as such SE practitioners have been able to minimize their responsibility in the creation of software failures. Furthermore, the seriousness of software failures have been minimized by using terminology such as “bugs” and “glitches” to describe these events, adding to the idea that some degree of software failure is to be expected and should be considered as being the norm (Gotterbarn, Don 1999). This issue is exacerbated by the media by focusing on the human factor in instances where a combination of software faults and human actions caused a tragedy – simply because it is easier to explain, or because the software has been built according to specification, even though in some instances the specification is flawed. The fact that SE practitioners generally support the view that software faults are “normal” provides an indication that there is an absence of professionalism and ethical concern in the field of Software Engineering not shared by other professions, where similar types of mistakes can have serious consequences for the practitioner (Gotterbarn, Don 1999). Furthermore, attention is mostly given to software failures that feature in the headlines, not the issues that are much more common in the software industry, while it is usually the common instances of disregard for ethics that compound into the big headline grabbing failures (Berenbach, Brian 2009).
The Impact of Software Engineering
It should be noted however that the Software Engineering profession differs starkly to other more traditional engineering professions in that products are released in much shorter cycles, meaning that products receive much less review and oversight (Narayanan, Arvind 2014). This in conjunction with Agile delivery methods, continuous contact with clients and participation in complicated social and ethical environments (McBride, Neil 2012) has the effect that Software Engineers typically have to rely on their own personal ethical standards when designing and deploying software – but considering the influence software has on public welfare, relying on personal ethics alone may not be sufficient (Narayanan, Arvind 2014).
The impact of computers is far reaching and as computer systems are becoming increasingly powerful, society is also becoming increasingly dependent on computers and software (Gotterbarn, Don 1999), (White, John 2002), (Génova, Gonzalo 2007). In addition, it is also stated that the relationship between society and software has reached a point where software is no longer merely a reflection of the values of society, but a driver thereof (Narayanan, Arvind 2014). As such, two types of pressure have been growing – firstly from the public, which seeks to ensure that the actions of this group of specialists will not cause harm (usually by enforcing some kind of regulatory legislation), and secondly – from within the Software Engineering community to unify (Gotterbarn, Don 1999).
Software Engineering has been making steady progress from being merely an occupation into being a profession – this is exemplified in the IEEE-Computing Society and ACM, two of the largest societies in computing, coming together in 1993 to establish a Joint Steering Committee for the Establishment of Software Engineering as a Profession for the purpose of dealing with issues of a professional and technical nature being faced by Software Engineers. This task force consisted of representatives of multiple countries from various industries including the military, government and industry. In this same year as its inception, the Joint Steering Committee made four recommendations; firstly to standardize on definitions, secondly to define the essential body of knowledge and best practices, thirdly to define ethical standards for Software Engineering and lastly to outline a curriculum for Software Engineering as well as other issues related to Software Engineering (Gotterbarn, Don 1999).
An Ethics Code is Born
In order to fulfill the recommendation of defining ethical standards for Software Engineering, the SEEPP (Software Engineering Ethics and Professional Practice) task force was established which produced an Ethics Code for Software Engineers. An Ethics Code is described as a tool for regulating the activities of the profession to which the code applies. The Code underwent several rounds of review until version 5.2 was officially accepted as the Software Engineering Code of Ethics and Professional Practice. The Code explicitly states that every part of the Software Development Life Cycle should be performed in such a way that it regards Software Engineering as a respected profession. The Code makes reference to eight principles that Software Engineering practitioners should adhere to, covering various sections of society and the profession: acting consistently in the best interest of the public, the client as well as the employer, ensuring that any and all products are of the highest possible standard, acting with integrity and independence when executing judgment, adhering to and encouraging ethical behavior through management activities, promoting the integrity of the profession, supporting and treating their colleagues fairly as well as continually developing themselves by subscribing to a process of lifelong learning and promoting ethical behavior (Gotterbarn, Don 1999).
The Software Engineering Ethics Code differs from the ethics codes of other professions in that it attempts to make it easier to translate the code into action. This is achieved by having numerous organizations subscribe to the Code, instead of just a single organization to which a code applies. In addition, the Code also attempts to resolve conflicts within applying its standards by the means of providing an order in which the standards should be satisfied (i.e. by placing public interest above the interest of the employer, company or client) (Gotterbarn, Donald 2009).
Software Engineering practitioners have ample opportunity to either support, or cause harm and as such it is crucial that Software Engineering practitioners, in whichever form, understand and agree to adhere to the Software Engineering Code of Ethics (Gotterbarn, Don 1999). The Code identifies the activities and relationships towards which Software Engineers have the responsibility to act in an ethical manner. In the following sections additional, but non-exhaustive information is provided on the eight principles:
The first principle touches upon the core of the Code, which is that Software Engineers should always act in the best interest of the public. This includes, among other things that practitioners should take responsibility for their work and to place the public best-interest above all else (Gotterbarn, Don 1999).
Secondly Software Engineers should always perform their duties to the benefit of their clients and employers – as long it is still according to public best interest. This principle centers on the practitioner being open and honest towards their employer or clients as well as exercising discretion when dealing with sensitive or confidential information (Gotterbarn, Don 1999).
Thirdly, Software Engineers have a responsibility towards the products they produce by aiming for the highest possible standard of quality, while balancing other factors such as cost, delivery schedules and quality assurance (Gotterbarn, Don 1999). According to this principle, Software Engineers are also ethically bound to ensure that any trade-offs in terms of costing or delivery schedules are communicated to and agreed upon by the product owner (Gotterbarn, Don 1999).
The fourth principle deals with the issue of judgement to be exercised by Software Engineers, specifically on how that relates to them acting with integrity and independence by maintaining their objectivity in decision making, correctly dealing with scenarios surrounding conflicts of interest or inappropriate financial dealings such as bribery (Gotterbarn, Don 1999).
Principle five describes the responsibility of Software Engineers in leadership or management positions in advancing the Code within development and maintenance activities. This includes activities of proper risk management for each project, providing sufficient training for employed Software Engineers, ensuring that cost and delivery timelines are realistic as well as assigning work appropriate to employed Software Engineers’ experience and education – or their willingness to learn the required skill set (Gotterbarn, Don 1999).
The sixth principle states the importance of protecting the reputation of the Software Engineering profession. This is accomplished, among other things by promoting the spirit of the Code within their organization and supporting others that do the same, appropriately reporting violations of the code as well as raising public awareness of the profession of Software Engineering (Gotterbarn, Don 1999).
Principle seven deals with how Software Engineers should deal with their colleagues, especially their responsibility of supporting an encouraging their peers by means of reviewing or assisting them in their work where required, give credit where due or asking for assistance themselves when faced with a task outside their own area of expertise (Gotterbarn, Don 1999).
The final principle brings around the Code towards the responsibility of the Software Engineer towards him- or herself. This responsibility is met by means of fostering a culture of constant learning, not only of emerging technologies or new skills, but also of the Code itself and by agreeing that acting contrary to the Code also means to act in a manner not worthy of the profession of Software Engineering (Gotterbarn, Don 1999).
In a nutshell, the Code is intended to provide a summary of the ethics that Software Engineers should aspire to, indicating how Software Engineers should act in order to adhere to these ethics, as well as making a public statement about the responsibilities of practitioners within the Software Engineering profession to make it clear what their accountability is towards the public and their peers. The Code additionally makes it clear that Software Engineers have a responsibility to understand and critically evaluate and judge specifications before implementing them. Whenever a situations arises in which a Software Engineering practitioner simply ignores their responsibilities in terms of the Code, it is safe to say that the Software Engineer is not acting in good faith according to their profession (Gotterbarn, Donald 2009). The Code centers around human values and the consideration of consequences of breaking the code; as such the Code does not aim to be a “law”, or an exact set of rules to adhere to, but is rather intended to instruct and to provide inspiration to Software Engineers to raise their level of ethical behavior (Génova, Gonzalo 2007).
Not all research is in agreement that that the Code is a silver bullet; due to its age and the seemingly obvious nature of its content it stated that ethical thinking needs to be revolutionized, rather than updating the existing Code (McBride, Neil 2012). This stream of thought recommends that Software Engineers be recognized above all else as service providers and as such Software Engineers should firstly adopt an ethics of service and secondly, due to constant client interaction, a concern for the ethical behavior of the client (McBride, Neil 2012).
Ethics in Education
It is worthy to note that research suggests that ethics are not covered sufficiently in undergraduate software engineering courses (Berenbach, Brian 2009) and that the reason for this phenomenon currently unknown (Narayanan, Arvind 2014). Apart from this, engineering textbooks also do not provide sufficient coverage of ethical dilemmas that could possibly be faced by Software Engineers (Narayanan, Arvind 2014). It is very important that ethical thinking is developed as part of education, as it reinforces moral reasoning and understanding. Since Software Engineers deal with complex problem solving, they are required to think and reason for themselves and as such can be termed “ethical agents” (Génova, Gonzalo 2007). The technological landscape Software Engineers have to deal with is changing and along with the complexities introduced by the raise in globalization it is required that the methods for education Software Engineers be significantly changed (Hawthorne, Matthew J 2005).
It has already been noted that Software Engineers quite frequently have to rely on their own personal ethics, but that this may not always be appropriate as it may provide opportunity for practitioners to justify certain behavior to themselves. In contrast to relying on personal ethics in guiding conduct, the alternative of reliance on professional ethics is proposed as a superior approach. Professional ethics, through the means of a code of ethics, helps practitioners distinguish behavioral integrity from non-ethical behavior in the context of a particular profession – this can be taught to students through ethics-focused training. Should it happen that students gain more exposure to ethics related matters in Software Engineering courses, it will pave the way towards discussion of difficult moral matters with their future peers (Narayanan, Arvind 2014). Although many factors contribute to ethical behavior, two important broad values that should be covered are that of integrity and excellence and how it relates to every part the profession (Hawthorne, Matthew J 2005).
Ethics in Software Engineering can be taught to students either by embedding issues relating to ethics within every course, or by having a course dedicated to the subject. Although it is suggested that the prior option of integrating ethics into each course is preferred and to make use of hypothetical scenarios and real-world case studies as teaching tools (Narayanan, Arvind 2014). The alternative is also recommended in that additional ethics courses should be made available within Software Engineering training programmes and that students should not only be made aware of current codes of ethics, but should also expose students to ethical reasoning and to exercise ethical judgement based on certain real-world contexts (Génova, Gonzalo 2007). It is noted that students aren’t usually enthusiastic about learning about ethics and as such it is suggested that courses dealing with these topics be left until later in the curriculum in order for students to first gain a better understanding of the foundational matters in order to better understand the reasoning behind the course content as well as how to apply them (Lethbridge, Timothy C 2007).
Ethics in the Workplace
Changing Software Engineering courses to include content relating ethics will however only address part of the problem, as this does not cater for Software Engineering practitioners who have already completed these courses and already form part of the workforce. In working towards solving this issue, it is suggested that organizations consider appointing ethics officers as part of a program to ingrain ethics into the organization culture. These ethics officers are assigned the responsibility of ensuring that all employees, IT as well as non-IT, are trained on issues surrounding ethics. Additionally ethics officers should scrutinize project plans for content that may put the organization at risk of unethical behavior, assist in the drafting of and integration into existing procedures policies items covering ethics in the organization. Furthermore, ethics officers should make themselves available to coach the organization in ethics, even if it is only through serving as a medium through which employees can confidentially share information surrounding ethical challenges (Staff, CACM 2014).
It is clear that Software Engineering cannot be directly compared with other disciplines. However, what is of great concern is the seemingly nonchalant attitude towards faults being held by Software Engineering practitioners in general – especially considering the significant impact that software and technologies controlled by it has on society. Two major role players in the field of Software Engineering, namely the ACM and IEEE-Computing Society joined forces as mapped out a Code of Ethics in order to instruct and inspire Software Engineering professionals to raise the bar in ethical behavior. The Code describes ethical behavior in a Software Engineering context through the means of eight principles, beginning with the responsibility of Software Engineers towards the general public and working through a series of relationships down to the responsibility of the Software Engineer towards himself. Apart from the code, it is also suggested that in a very broad sense, ethics can be described as ingraining integrity and excellence into every Software Engineering activity. It is notable that the topic of ethics is not at all sufficiently covered in Software Engineering curriculum. In instances where it is covered, the strategy of the content may need to be updated to deal with the complexities modern Software Engineers are faced with. In order to prepare students for being able to apply the lessons learned in ethics courses, it is suggested that teaching methods of hypothetical scenarios and real-world case studies be utilized. Attacking the issue at undergraduate level alone may not be enough, as this will not address the issue of educating Software Engineers that already practice professionally. One proposed solution is for organizations to appoint ethics officers whose responsibility it is to serve as a catalyst for ethical behavior in the workplace.
Berenbach, B. & Broy, M. 2009, "Professional and ethical dilemmas in software engineering", Computer, vol. 42, no. 1, pp. 74.
Génova, G., González, M.R. & Fraga, A. 2007, "Ethical education in software engineering: Responsibility in the production of complex systems", Science and Engineering Ethics, vol. 13, no. 4, pp. 505-522.
Gotterbarn, D. 1999, "Not all codes are created equal: The software engineering code of ethics, a success story", Journal of Business Ethics, vol. 22, no. 1, pp. 81-89.
Gotterbarn, D. & Miller, K.W. 2009, "The Public is the Priority: Making Decisions Using the Software Engineering Code of Ethics.",IEEE Computer, vol. 42, no. 6, pp. 66-73.
Hawthorne, M.J. & Perry, D.E. 2005, "Software engineering education in the era of outsourcing, distributed development, and open source software: challenges and opportunities", International Conference on Software Engineering Springer, , pp. 166.
Lethbridge, T.C., Diaz-Herrera, J., Richard Jr, J. & Thompson, J.B. 2007, "Improving software practice through education: Challenges and future trends", Future of Software Engineering, 2007. FOSE'07IEEE, , pp. 12.
Narayanan, A. & Vallor, S. 2014, "Why software engineering courses should include ethics coverage", Communications of the ACM, vol. 57, no. 3, pp. 23-25.
McBride, N. 2012, "The ethics of software engineering should be an ethics for the client", Communications of the ACM, vol. 55, no. 8, pp. 39-41.
Staff, C. 2014, "Know your steganographic enemy", Communications of the ACM, vol. 57, no. 5, pp. 8-8.
White, J. & Simons, B. 2002, "ACM's position on the licensing of software engineers", Communications of the ACM, vol. 45, no. 11, pp. 91.