Doctors, lawyers and engineers are required by their professions to receive certifications and follow certain ethical guidelines. These rules exist to protect those who rely on their services. These professions often have access to sensitive information, or could wreck lives if they are remiss in their responsibilities. Business schools teach ethics, and despite the lapses in those ethics throughout the private sector, there still seems to be an emphasis placed on professional conduct in the business world.
Software development is a skill, and an increasingly important one, but one that is not governed by any licensing or ethical rules. It’s a Wild West of ethical and legal conduct. Sure, organizations like the Association of Computing Machinery have put together their list of ethical standards, but these are voluntary and not binding.
As programming becomes more and more in depth and important to the society of the world, we have an obligation to defend and protect the data of our customers and their customers to the best of our abilities. We have an obligation to develop to high standards, to promptly report and repair security bugs, and to warranty our work. Surely I don’t propose a system like engineers must follow, where they certify that they completed the work they are signing off on, and accept the consequences if that work is faulty; but I also think that the vast amount of personal, credit, financial, medical, and other data that programmers manage on a daily basis comes with a responsibility level that is crucial.
There are real legal consequences, too. A quick search of Craigslist will reveal hundreds of “programmers” looking for work and offering “the best price.” But how many of them adhere to best practices? When programmers work, and deliver a product, they are promising that the product has been built to an industry standard. Making mistakes like insecure passwords, writing in security holes, or baking in bugs that undermine the system’s reliability and security only serves to expose the developer to litigation. This is not a good situation.
We need to take concrete steps to incorporating ethics in our community. Computer scientists should be trained in ethics as a part of their training, if they’re not already. Ethics should be talked about at developer groups and conferences. People should write about (and debate on) the ethical standards for the programming world. And ethical behavior should be a cornerstone of programming. Ethical programmers should be rewarded, and those who are unethical should be ostracized.