Irresponsible Disclosure: Short Handbook of an Ethical Developer

Ethics... It could be the most important and underrated topic in the software industry. It is directly related to professionalism, craftsmanship and professional discipline. From time to time we have to jump into the discussions; however, we never discuss it in depth.

I found myself in a huge blast of discussions when I tweeted about a **HUGE** security issue in the most popular operating system. Then I had deep thoughts about ethics and the behaviours of ethical developers.

In this session I talk about the following:
* I refer to real-life stories of many good practices for professional ethics that are critical in the software development world.
* I mention technical and non-technical aspects of being an ethical developer.
* I deep dive into the arguments against the ethical controversies and the debate over the sharing of a major error in MacOS via Twitter.

Published in: Software

  1. irresponsible disclosure short handbook of an ethical developer LEMi ORHAN ERGiN AGILE SOFTWARE CRAFTSMAN
  2. we live in a new era
  3. THE DATA ERA
  4. THE DATA ERA where we are the products
  5. where we are the products where our data is sold THE DATA ERA
  6. where we are the products where our data is sold we are THE DATA ERA
  7. where we are the products where our data is sold we are where algorithms decide what to buy THE DATA ERA
  8. who to vote THE DATA ERA what to feel where we are the products where our data is sold we are where algorithms decide what to buy
  9. THE DATA ERA where we're facing corruptions more than ever in software history
  10. THE DATA ERA where we need more developers
  11. THE DATA ERA better professionals ethical professionals where we need more developers
  12. we need to talk about ethics more than ever
  13. technology should be constrained by human values https://www.ted.com/talks/zeynep_tufekci_we_re_building_a_dystopia_just_to_make_people_click_on_ads WE'RE BUILDING A DYSTOPIA JUST TO MAKE PEOPLE CLICK ON ADS, ZEYNEP TÜFEKÇİ
  14. ethics should govern behaviors
  15. ethics should govern behaviors decisions politics companies management professions
  16. sets of discipline and minimum standards of behaviors turn development into a real profession SOFTWARE DEVELOPMENT IS A PROFESSION
  17. Knowing how well you perform when you do your profession CRAFTSMANSHIP IS A JOURNEY
  18. Loves his job Passionate Disciplined Motivated Apprentice Practices a lot Has no ego Embraces feedback Delivers value, not crap Focuses on quality Shares knowledge Participates in meetups Joins communities Ethical developer Improves productivity Works as teams Learns like crazy Feels responsible Retrospects regularly Proficient with the tools Reads a lot Knows to say no Not the one in the corner Checks quality metrics Programs in PAIRS lets the code test itself CRAFTER SOFTWARE
  19. Loves his job Passionate Disciplined Motivated Apprentice Practices a lot Has no ego Embraces feedback Delivers value, not crap Focuses on quality Shares knowledge Participates in meetups Joins communities Ethical developer Improves productivity Works as teams Learns like crazy Feels responsible Retrospects regularly Proficient with the tools Reads a lot Knows to say no Not the one in the corner Checks quality metrics Programs in PAIRS lets the code test itself Ethical developer CRAFTER SOFTWARE
  20. PRINCIPLES of AN ETHICAL DEVELOPER SECURITY PRIVACY HONESTY Customer TEAMWORK QUALITY PERSONAL SOCIAL MEDIA CULTURAL
  21. We apply secure coding practices. SECURITY We test security of software. We do not keep passwords in clear text. We remove passwords from external files. We protect log files and all internals. We inform security vulnerabilities.
  22. We do not disclose private communication. We show respect to privacy of private life. We do not force employees to do overtime. We do not ask passwords of social media accounts to investigate during recruitment process PRIVACY We do not sell/share confidential data
  23. We do not claim expertise where we have none. We do not inflate our abilities. We do not state undone tasks as done. We do not intentionally misestimate tasks. We do not falsely deny the presence of bugs. HONESTY We do not cheat on performance & quality KPIs.
  24. We do not under/over value the outputs. We do not promise what we cannot deliver. We do not hide current status of the project. Customer We do not deceive customers about defects.
  25. We do not hide information from teammates. We do not criticize just to feed our ego. We help our teammates when they need help. We ask help when we need help. TEAMWORK We do not be the guys in the corner
  26. We do adequate testing and review. We write well-crafted code. We write sufficient documentation. We take full responsibility of the code. We regularly check code for quality & refactor. We validate fixes before setting them as fixed. QUALITY We do not accept to develop in lower quality.
  27. We do not cultivate a brogramming environment. We do not steal unauthorized code. We do not use cracked or unlicensed tools. We do not reuse copyrighted code unless proper license is obtained. We do not suppress others' opinions. We do not wait for others to invest in our career, we invest in ourselves. PERSONAL We do not do mobbing, act sexist or intimidate.
  28. We do not involve in trolling, social engineering, perception manipulation or black propaganda. We do not post things private to the company you work or to your colleagues. We do not argue with customers even though we are right. We do not communicate with others like an asshole. We show respect in social media. SOCIAL MEDIA
  29. We give feedback fast. We also give positive feedback. We do not raise our voice to colleagues or to customers. We do not blame others. We respect people and our profession. We trust by default. CULTURAL We leave our ego behind the doors
  30. what about irresponsible disclosure ?
  31. what about irresponsible disclosure ? It does not matter if a bug bounty program exists or not. We should report security vulnerabilities to the company privately. Use private channels and make it confidential. Be ethical and find ways to report it to the company
  32. what about irresponsible disclosure ? hey wait a minute... We already did what we recommended here. It does not matter if a bug bounty program exists or not. We should report security vulnerabilities to the company privately. Use private channels and make it confidential. Be ethical and find ways to report it to the company
  33. The 0-day vulnerability had already been published publicly by someone 2 weeks before. It means the vulnerability could already be available in the deep web. It means hackers could have already started to access machines via root
  34. OUR INFRA TEAM CONTACTED APPLE SEVERAL TIMES ABOUT THE VULNERABILITY Without writing any password, I could connect to system as root after I entered 3 times. I am saying these to let you understand how serious the topic is. If any company gets hurt due to this vulnerability, Apple is responsible. I don't think you can resolve this issue, therefore I want to talk with someone from security. LIKE THE ONE ON NOV 23, 2017 10:58, 5 DAYS BEFORE THE DISCLOSURE
  35. fire alarm When you see the fire spreading uncontrollably, you have to press the fire alarm Sometimes keeping the issue private causes more problems than making it public
  36. REFERENCES https://www.flickr.com/photos/editor/8560592076 Attribution 2.0 Generic (CC BY 2.0) https://gratisography.com CC0-like Custom License https://www.flaticon.com Icons made by Freepik from FlatIcon Basic License https://www.flickr.com/photos/24498687@N03/2337550017 Attribution-NonCommercial 2.0 Generic (CC BY-NC 2.0)