Ethics... It could be the most important and underrated topic in the software industry. It is directly related to professionalism, craftsmanship and professional discipline. From time to time we have to jump into the discussions, yet we never discuss it in depth.
I found myself in a huge blast of discussions when I tweeted about a **HUGE** security issue in the most popular operating system. Then I thought deeply about ethics and the behaviour of ethical developers.
In this session I talk about the following:
* I refer to real-life stories of many good practices for professional ethics that are critical in the software development world.
* I mention technical and non-technical aspects of being an ethical developer.
* I dive deep into the arguments around the ethical controversies and the debate over sharing a major macOS flaw via Twitter.
13. Technology should be constrained by human values.
"We're Building a Dystopia Just to Make People Click on Ads", Zeynep Tüfekçi: https://www.ted.com/talks/zeynep_tufekci_we_re_building_a_dystopia_just_to_make_people_click_on_ads
17. SOFTWARE DEVELOPMENT IS A PROFESSION
Sets of discipline and minimum standards of behaviour turn development into a real profession.
18. CRAFTSMANSHIP IS A JOURNEY
Knowing how well you perform when you practise your profession.
19. SOFTWARE CRAFTER
* Loves his job
* Passionate
* Disciplined
* Motivated
* Apprentice
* Practices a lot
* Has no ego
* Embraces feedback
* Delivers value, not crap
* Focuses on quality
* Shares knowledge
* Participates in meetups
* Joins communities
* Ethical developer
* Improves productivity
* Works in teams
* Learns like crazy
* Feels responsible
* Retrospects regularly
* Proficient with the tools
* Reads a lot
* Knows how to say no
* Not the one in the corner
* Checks quality metrics
* Programs in PAIRS
* Lets the code test itself
21. PRINCIPLES OF AN ETHICAL DEVELOPER
SECURITY, PRIVACY, HONESTY, CUSTOMER, TEAMWORK, QUALITY, PERSONAL, SOCIAL MEDIA, CULTURAL
22. SECURITY
* We apply secure coding practices.
* We test the security of software.
* We do not keep passwords in clear text.
* We remove passwords from external files.
* We protect log files and all internals.
* We report security vulnerabilities.
23. PRIVACY
* We do not disclose private communication.
* We respect the privacy of private life.
* We do not force employees to do overtime.
* We do not ask for social media account passwords to investigate candidates during the recruitment process.
* We do not sell or share confidential data.
24. HONESTY
* We do not claim expertise where we have none.
* We do not inflate our abilities.
* We do not state undone tasks as done.
* We do not intentionally misestimate tasks.
* We do not falsely deny the presence of bugs.
* We do not cheat on performance & quality KPIs.
25. CUSTOMER
* We do not undervalue or overvalue the outputs.
* We do not promise what we cannot deliver.
* We do not hide the current status of the project.
* We do not deceive customers about defects.
26. TEAMWORK
* We do not hide information from teammates.
* We do not criticize just to feed our ego.
* We help our teammates when they need help.
* We ask for help when we need help.
* We are not the guys in the corner.
27. QUALITY
* We do adequate testing and review.
* We write well-crafted code.
* We write sufficient documentation.
* We take full responsibility for the code.
* We regularly check code for quality & refactor.
* We validate fixes before setting them as fixed.
* We do not accept developing at lower quality.
28. PERSONAL
* We do not cultivate a brogramming environment.
* We do not steal unauthorized code.
* We do not use cracked or unlicensed tools.
* We do not reuse copyrighted code unless a proper license is obtained.
* We do not suppress others' opinions.
* We do not wait for others to invest in our career; we invest in ourselves.
* We do not do mobbing, act sexist or intimidate.
29. SOCIAL MEDIA
* We do not engage in trolling, social engineering, perception manipulation or black propaganda.
* We do not post things that are private to the company we work for or to our colleagues.
* We do not argue with customers even when we are right.
* We do not communicate with others like an asshole.
* We show respect on social media.
30. CULTURAL
* We give feedback fast.
* We also give positive feedback.
* We do not raise our voice to colleagues or to customers.
* We do not blame others.
* We respect people and our profession.
* We trust by default.
* We leave our ego at the door.
32. What about irresponsible disclosure?
It does not matter whether a bug bounty program exists or not.
We should report security vulnerabilities to the company privately.
Use private channels and keep it confidential.
Be ethical and find ways to report it to the company.
33. What about irresponsible disclosure?
Hey, wait a minute...
We already did what we recommended here.
34. The 0-day vulnerability had already been published publicly by someone 2 weeks before.
It means the vulnerability could already be available on the deep web.
It means hackers could have already started to access machines as root.
35. OUR INFRA TEAM CONTACTED APPLE SEVERAL TIMES ABOUT THE VULNERABILITY, LIKE THE ONE ON NOV 23, 2017 10:58, 5 DAYS BEFORE THE DISCLOSURE:
"Without writing any password, I could connect to the system as root after I entered 3 times. I am saying this to let you understand how serious the topic is. If any company gets hurt due to this vulnerability, Apple is responsible. I don't think you can resolve this issue, therefore I want to talk with someone from security."
36. FIRE ALARM
When you see the fire spreading uncontrollably, you have to press the fire alarm.
Sometimes keeping the issue private causes more problems than making it public.