Professional Code of Ethics in Software Engineering nmap run completed -- 1 IP address (1 host up) scanneds % sshnuke 10.2.2.2 -rootpw-"Z1ON0101" Connecting to 10.2.2.2:ssh ... successful. Attempting to exploit SSHv1 CRC32 ... successful. Reseting root password to "Z1ON0101". System open: Access Level (9) % ssh 10.2.2.2 -l root firstname.lastname@example.org password: RTF-CONTROL> disable grid nodes 21 - 48 Warning: Disabling nodes 21-48 will disconnect sector 11 (27 nodes) ARE YOU SURE ? (y/n) Grid Node 21 offline... Grid Node 22 offline... Grid Node 23 offline... Grid Node 24 offline... Grid Node 25 offline... Grid Node 26 offline... Grid Node 27 offline... Grid Node 28 offline... Grid Node 29 offline... Grid Node 30 offline... Grid Node 31 offline... Grid Node 32 offline... Grid Node 33 offline... Grid Node 34 offline... Grid Node 35 offline... Grid Node 36 offline... Grid Node 37 offline... Grid Node 38 offline... If you are not one of us, you are one of them!This presentation is brought to you by Lemi Orhan Ergin as a craftsman in software development
Have you ever heard of PROFESSIONAL CODE OF ETHICS IN SOFTWARE ENGINEERING
Engineering or Craftmanship?Code of Ethics? Ethics in Development? Profession? Professional Professional Code of Ethics in Code of Ethics in Software Engineering Software Engineering
Agenda● Craftsmanship vs Engineering● Is Software Engineering a Profession?● What is Code of Ethics?● Ethics in Software Engineering● Special Cases & Discussions
Episode 1: What are we doing?Craftmanship vs Engineering
Software Engineering is dead “My early metrics book, Controlling Software Projects: Management, Measurement, and Estimates , played a role in the way many budding software engineers quantified work and planned their projects. In my reflective mood, Im wondering, was its advice correct at the time, is it still relevant, and do I still believe that metrics are a must for any successful software development effort? My answers are no, no, and no. Im gradually coming to the conclusion that software engineering is an idea whose time has come and gone. Software development is and always will be somewhat experimental. The actual software construction isnt necessarily experimental, but its conception is. And this is where our focus ought to be. Its where our focus always ought to have been. “ Tom DeMarco IEEE Developed the world’s first commercial stored program telephone switch 1986 recipient of the Warnier Prize for "lifetime contribution to the field of computing" 1999 recipient of the Stevens Award for "contribution to the methods of software development"
Engineering a Software Engineering is the discipline, art and profession of acquiring and applying technical, scientific and mathematical knowledge to design and implement materials, structures, machines, devices, systems, and processes that safely realize a desired objective or inventions. Wikipedia Software Engineering is the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software, and the study of these approaches; that is, the application of engineering to software. Wikipedia Since NATO Software Engineering Conference in the 1968, it has continued as a profession and field of study dedicated to creating software that is of higher quality, more affordable, maintainable, and quicker to build. Wikipedia
Theorical FoundationsSoftware engineering theories and methodologies are developed for dealing withcomplexity and intellectual challenges in large-scale software development. “Software Engineering Foundations: A Software Science Perspective” by Yingxu WangComplexity Threshold
Yet Another Definition “Software engineering is the science and art of specifying, designing, implementing and evolving – with economy, timeliness and elegance – programs, documentation and operating procedures whereby computers can be made useful to man.” J.A. McDermid, 1991 Professor of Software Engineering Leader of the High Integrity Systems Engineering Group (HISE) Department of Computer Science at the University of York, USASoftware engineering is a discipline that adopts engineering approaches, such asestablished methodologies, processes, measurement, tools, standards, organisationmethods, management methods, quality assurance systems and the like, in thedevelopment of large-scale software seeking to result in high productivity, low cost,controllable quality, and measurable development schedule.Software Engineering has specific characters, such as...● its type (mission critical, of course)● its size (Google scale, naturally)● the audience (millions of daily users, obviously)● and so forth.
Control is ultimately illusoryMost software projects fail!Software project success isnt about doing any oneparticular thing right; its the much more daunting task ofnot doing anything wrong. It certainly gives you a newappreciation for those rare successful software projects.What DeMarco seems to be saying is that“Control is ultimately illusory on software developmentprojects”If you want to move your project forward, the only reliableway to do that is to cultivate a deep sense of softwarecraftsmanship and professionalism around it.People who show up every day eager to improve their craftwill ultimately succeed.
Software Craftsmanship Software Craftsmanship is an DISCIPLINE in software development that emphasizes the coding skills of the software developers themselves. It is a response by software developers to the perceived ills of the mainstream software industry, including the prioritization of financial concerns over code quality. Wikipedia http://parlezuml.com/softwarecraftsmanship/
What is a Profession?The body of people in a learned occupation; an occupation requiringspecial education. wordnet.princeton.edu/perl/webwnThe term profession is applied to those persons who have specializedand technical skill or knowledge which they apply, for a fee, to certaintasks that ordinary and unqualified people cannot ordinarily undertake.The term derives from the Latin: "to swear (an oath)". … en.wikipedia.org/wiki/Profession
Software Engineering Profession● Software engineering (SE) as a discipline and profession is relatively young, some even say “immature”.● In 1996, Ford and Gibbs listed designated eight infrastructure components that can be used to evaluate a mature profession: – a professional society – initial professional education – skills development – professional development – accreditation – certification – licensing – a code of ethics 15
Professional Societies● There is no professional society devoted exclusively to software engineering, but there are two societies which provide mature support for the software engineering profession: – Association for Computing Machinery (ACM) (http://www.acm.org/) ● Founded in 1947, ACM has 75, 000 members and has the objective of advancing the skills of computing professionals and students worldwide. ● The ACM has 34 “special interest groups” (SIGS). The Special Interest Group on Software Engineering (SIGSOFT) focuses on issues relating to all aspects of software development and maintenance. – IEEE Computer Society (IEEE-CS) (http://computer.org/) ● Founded in 1946, with nearly 100, 000 members, it is the largest of the 36 societies of the Institute of Electrical and Electronics Engineers (IEEE). ● The Computer Societys vision is to be the leading provider of technical information and services to the worlds computing professionals 16
Certification and Licensing● Certification is a voluntary process administered by a profession.● Currently there are many certification programs for various computing technologies. Many are brand name certifications (e.g. Cisco, Java/Sun, Microsoft, Novell, etc.) and do not deal with the software engineering profession directly. ● The IEEE-CS offers a certification titled Certified Software Development Professional (CSDP). The CSDP has the following components: – At the time of application the candidate holds a baccalaureate or equivalent university degree and has a minimum of 9,000 hours of software engineering experience within at least six (6) of the eleven (11) SE knowledge areas (the ten SWEBOK areas and Professionalism and Engineering Economics). – Candidates are required to subscribe to the Software Engineering Code of Ethics and Professional Practice – Candidates must pass an exam demonstrating mastery of the knowledge areas 17
Certification and Licensing in US● Licensing is a mandatory process administered by a governmental authority.● In the U.S. licensing is administered at the state level.● Only about 18% of U.S. engineers (civil, electrical, mechanical , etc.) are registered.● Texas is currently the only state to license software engineers.● In recent years, no topic has stirred more controversy and debate than certification and licensing of software engineers. – This seems to signal that the nature and maturity of software engineering is not yet stable. 18
Licensing in Turkey Türkiye Cumhuriyeti Türk Mühendis ve Mimar Odaları Birliği (TMMOB) Elektrik Mühendisleri Odası (EMO) Bilgisayar Mühendisliği Meslek Dalı Ana Komisyonu http://www.emo.org.tr/komisyonlar/index.php? kod=536Bilgisayar MEDAK‘ ın amacı, oda içindeki Bilgisayar Mühendisi üyeler arasında mesleki örgütlülüğe vedayanışmaya yönelik politikalar geliştirmek ve Oda birimlerindeki alt komisyonlardaki (MDK) çalışmalardakoordinasyonunun, eşgüdümün sağlanması ve geliştirilmesi olarak tanımlanmaktadır. Kuzey Kıbrıs Türkiye Cumhuriyeti Bilgisayar Mühendisleri Odası http://www.ktbmo.org1992 yılında kurulan ve Bilgisayar Mühendislerini bünyesinde toplayan BMO, KTMMOB çatısı altında çalışan14 meslek odasından biridir. Merkezi Lefkoşada olan BMO, merkezde yaptığı çalışmaların yanısıraÜniversitelerimizde gönüllü üyelerimizin oluşturduğu temsilciliklerde de Üniversitedeki üyelerimiz ileilişkilerimizi geliştirmek, gerekli gördüğü aktiviteleri düzenlemek ve üye sayısını artırmak için çalışmaktadır. 19
SE Education & Training● Ford and Gibbs list four elements related to SE education: initial professional education, skills development, professional development and accreditation.● Initial Professional Education – Undergraduate degree programs in software engineering● Skills Development and Professional Development – Publications, conferences, workshop and tutorials.● Accreditation – The Accreditation Board for Engineering and Technology (ABET) has established accreditation criteria for software engineering programs. 20
National Council of Examiners for Engineering and Surveying (NCEES)Engineering is considered to be a "profession" rather than an "occupation" because of several important characteristics:special knowledge,special privileges,special responsibilities.Professions are based on a large knowledge base requiring extensive training.Professional skills are important to the well-being of society.Professions are self-regulating, in that they control the training and evaluation processes that admit new persons to the field.Professionals have autonomy in the workplace; they are expected to utilize their independent judgment in carrying out their professional responsibilities.Finally, professions are regulated by ethical standards.
Episode 3: What is Code of Ethics? Agreement What is ethical?
Professional Ethics Defined● Professional ethics are set of rules, regulations, and a code of conduct that govern how a profession deals with each other and others outside of the profession.● Different from moral code● Different from legal code
Why should we have a Professional Code of Ethics?● A Professional Code of Ethics serves several functions: Symbolises the professionalism of the group. Defines and promotes a standard for external relations with clients and employers. Protects the group’s interests. Codifies members’ rights. Expresses ideals to aspire to. Offers guidelines in “gray areas”.
(IFIP) International Federation for Information Processing’s Harmonization of Professional Standards (1998)The purpose is to clearly set out an international standard for professional practice in information technology.The components of the standards are:Ethics of professional practice: Practitioners must publicly ascribe to the code of ethics published within the standard.Established body of knowledge: Practitioners must be aware of and have access to a well-documented current body of knowledge relevant to the domain of practice.Education and training: The minimum level of mastery of the body of knowledge must be at the baccalaureate level.Professional experience: In addition to a demonstrated mastery of the body of knowledge a minimum of the equivalent of two years supervised experience is recommended before the practitioner operates unsupervised.Best practice and proven methodologies: Practitioners should be familiar with current best practice and relevant proven methodologies.Maintenance of competence: Practitioners must be able to provide evidence of their maintenance of competence.
Advantages of a Code of EthicsA Code of Ethics enables us to:● Set out the ideals and responsibilities of the profession● Exert a de facto regulatory effect, protecting both clients and professionals● Improve the profile of the profession● Motivate and inspire practitioners, by attempting to define their raison dêtre (reason for being)● Provide guidance on acceptable conduct● Raise awareness and consciousness of issues● Improve quality and consistency
Disadvantages of a Code of EthicsStandards are obligatory, or are merely an aspiration●Whether such a code is desirable or feasible●Whether ethical values are universal or culturally relativistic●●The difficulty of providing universal guidance given theheterogeneous nature of the professionCan not cover all aspects of software development.●Who determines violations?●How are the rules interpreted?●What penalties exist for violations?●
Episode 4: Ethics in Development? Cracked Windows? Helal code?
Why have a Professional Code of Ethics in Computing?● Software has the potential to do good or cause harm, or to enable or influence others to do good or cause harm. (Dilemma Theory)● We have pride in our work and want the work that we do to be given recognition and respect.● We want to protect our livelihood.
Why have a Professional Code of Ethics in Computing?● Software controls many aspects of our lives.● Safety Cars: ABS and Air Bags Auto/Air Traffic Control● Financial Banking: Interest Calculations Tax Filing Software● Just think about every piece of software that effects you life and who developed it.
Some Examples● ACM Code of Ethics and Professional Conduct. – http://www.acm.org/constitution/code.html● Bitish Computer Society Code of Conduct – http://www1.bcs.org.uk/DocsRepository/03200/3224/default.htm● IEEE-CS/ACM Software Engineering Code of Ethics and Professional Practice – http://www.computer.org/tab/seprof/code.htm
Characteristics of a Code of Ethics● They are not simple ethical algorithms that generate ethical decisions.● Sometimes elements of the code may be in tension with each other or other sources. Requires the software engineer to use ethical judgement to act in the spirit of the code of ethics.● A good code of ethics will provide fundemental principles that require thought rather than blind allegiance.
Joint IEEE-CS/ACM Code of Ethics and Professional Practice● Built on 8 principles Public Interest Client and Employer Product Judgement Management Profession Colleagues Self● The principle of Public Interest is central to the code.
Public Interest● Software engineers shall act consistently with the public interest. Approve software only if they have a well-founded belief that it is safe, meets standards, passes tests and does not diminsh quality of life, privacy or harm the environment. Disclose any actual or potential danger to the user. Be fair and avoid deception in all statements concerning software.
Client and Employer● Software engineers shall act in a manner that is in the best interests of their client and employer, consistent with the public interest. Be honest about any limitation of their experience and education. Keep private any confidential information consistent with the public interest and the law. Not knowingly use software that is obtained or retained either illegally or unethically.
Product● Software engineers shall ensure that their products and related modifications meet the highest professional standards possible. Strive for high quality, acceptable cost, and a reasonable schedule, ensuring significant tradeoffs are clear. Ensure adequate testing, debugging, and review of software and related documents on which they work. Treat all forms of software maintenance with the same professionalism as new development.
Judgement● Software engineers shall maintain integrity and independence in their professional judgment. Not engage in deceptive financial practices. Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided or escaped.
Management● Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance. Ensure that software engineers are informed of standards before being held to them. Offer fair and just remuneration. Not punish anyone for expressing ethical concerns about a project.
Profession● Software engineers shall advance the integrity and reputation of the profession consistent with the public interest. Promote public knowledge of software engineering. Be accurate in stating the characteristics of software on which they work. Take responsibility for detecting, correcting, and reporting errors in software and associated documents on which they work.
Colleagues● Software engineers shall be fair to and supportive of their colleagues. Credit fully the work of others and refrain from taking undue credit. Give a fair hearing to the opinions, concerns, or complaints of a colleague. In situations outside of their own areas of competence, call upon the opinions of other professionals who have competence in that area.
Self● Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession. Further their knowledge Improve their ability to create safe, reliable, and useful quality software Improve their ability to produce accurate, informative, and well-written documentation.
Problems with codes of conduct● They don’t cover every case (nor should they).● Can a list of rules define a behaviour that everyone considers right?● Little penalty for non-compliance Requires a Personal Code of Ethics that is broadly in line with the Professional Code.
Ethical Delemma 1: Reverse Engineering● When is reverse engineering ethical?● Scenario: You are asked to produce software to read in a file (with an undisclosed proprietary format) into an application. Test vectors and analysis? Decompilation? “Clean room” environment
Ethics and Professional Conduct● Why should we be interested in ethics and professional conduct?● Here is one answer: Today the quality of software produced by software engineers is critical to society. The success of many, if not most, human endeavors is dependent on high-quality software (e.g. applications used in financial, legal, library, health, personnel, and transportation systems) Lives depend on the safety and reliability of many software systems (e.g. control of aircraft, medical devices, and nuclear power stations) In additional to technical capability, the quality of software products depend on the ethics and professional conduct of the engineers that developer develop them. 45