irresponsible disclosure: short handbook of an ethical developer
LEMi ORHAN ERGiN, AGILE SOFTWARE CRAFTSMAN
we live in a new era
THE DATA ERA
where we are the products
where our data is sold
where algorithms decide what to buy, who to vote for, what to feel
where we are facing corruption more than ever in software history
where we need more developers, better professionals, ethical professionals
we need to talk about ethics more than ever
technology should be constrained by human values
https://www.ted.com/talks/zeynep_tufekci_we_re_building_a_dystopia_just_to_make_people_click_on_ads
WE'RE BUILDING A DYSTOPIA JUST TO MAKE PEOPLE CLICK ON ADS, ZEYNEP TÜFEKÇİ
ethics should govern
behaviors
decisions
politics
companies
management
professions
SOFTWARE DEVELOPMENT IS A PROFESSION
sets of discipline and minimum standards of behavior turn development into a real profession
CRAFTSMANSHIP IS A JOURNEY
Knowing how well you perform when you do your profession
SOFTWARE CRAFTER
Loves his job
Passionate
Disciplined
Motivated
Apprentice
Practices a lot
Has no ego
Embraces feedback
Delivers value, not crap
Focuses on quality
Shares knowledge
Participates in meetups
Joins communities
Ethical developer
Improves productivity
Works in teams
Learns like crazy
Feels responsible
Retrospects regularly
Proficient with the tools
Reads a lot
Knows how to say no
Not the one in the corner
Checks quality metrics
Programs in pairs
Lets the code test itself
PRINCIPLES OF AN ETHICAL DEVELOPER
SECURITY, PRIVACY, HONESTY, CUSTOMER, TEAMWORK, QUALITY, PERSONAL, SOCIAL MEDIA, CULTURAL
SECURITY
We apply secure coding practices.
We test the security of software.
We do not keep passwords in clear text.
We remove passwords from external files.
We protect log files and all internals.
We report security vulnerabilities.
PRIVACY
We do not disclose private communication.
We respect the privacy of private life.
We do not force employees to do overtime.
We do not ask for the passwords of social media accounts in order to investigate candidates during the recruitment process.
We do not sell or share confidential data.
HONESTY
We do not claim expertise where we have none.
We do not inflate our abilities.
We do not state undone tasks as done.
We do not intentionally misestimate tasks.
We do not falsely deny the presence of bugs.
We do not cheat on performance & quality KPIs.
CUSTOMER
We do not undervalue or overvalue the outputs.
We do not promise what we cannot deliver.
We do not hide the current status of the project.
We do not deceive customers about defects.
TEAMWORK
We do not hide information from teammates.
We do not criticize just to feed our ego.
We help our teammates when they need help.
We ask for help when we need help.
We are not the guys in the corner.
QUALITY
We do adequate testing and review.
We write well-crafted code.
We write sufficient documentation.
We take full responsibility for the code.
We regularly check code for quality & refactor.
We validate fixes before setting them as fixed.
We do not accept developing at lower quality.
PERSONAL
We do not cultivate a brogramming environment.
We do not steal unauthorized code.
We do not use cracked or unlicensed tools.
We do not reuse copyrighted code unless a proper license is obtained.
We do not suppress others' opinions.
We do not wait for others to invest in our career; we invest in ourselves.
We do not do mobbing, act sexist or intimidate.
SOCIAL MEDIA
We do not engage in trolling, social engineering, perception manipulation or black propaganda.
We do not post things that are private to the company we work for or to our colleagues.
We do not argue with customers even though we are right.
We do not communicate with others like an asshole.
We show respect in social media.
CULTURAL
We give feedback fast.
We also give positive feedback.
We do not raise our voice to colleagues or to customers.
We do not blame others.
We respect people and our profession.
We trust by default.
We leave our ego behind the door.
what about irresponsible disclosure?
It does not matter if a bug bounty program exists or not.
We should report security vulnerabilities to the company privately.
Use private channels and make it confidential.
Be ethical and find ways to report it to the company.
hey wait a minute...
We already did what we recommended here.
The 0-day vulnerability had already been published publicly by someone 2 weeks before.
It means the vulnerability could already be available on the deep web.
It means hackers could have already started to access machines as root.
OUR INFRA TEAM CONTACTED APPLE SEVERAL TIMES ABOUT THE VULNERABILITY, LIKE THE ONE ON NOV 23, 2017 10:58, 5 DAYS BEFORE THE DISCLOSURE:
"Without writing any password, I could connect to the system as root after I entered 3 times. I am saying these to let you understand how serious the topic is. If any company gets hurt due to this vulnerability, Apple is responsible. I don't think you can resolve this issue, therefore I want to talk with someone from security."
fire alarm
When you see the fire spreading uncontrollably, you have to press the fire alarm.
Sometimes keeping the issue private causes more problems than making it public.
REFERENCES
https://www.flickr.com/photos/editor/8560592076 (Attribution 2.0 Generic, CC BY 2.0)
https://gratisography.com (CC0-like Custom License)
https://www.flaticon.com (Icons made by Freepik from FlatIcon, Basic License)
https://www.flickr.com/photos/24498687@N03/2337550017 (Attribution-NonCommercial 2.0 Generic, CC BY-NC 2.0)
