A Code of Ethics for (Agile) Software Developers?
Now that software is permeating every aspect of our lives, we software developers have a huge impact on the world. With this power comes responsibility. The responsibility to protect privacy, to create secure applications and to build products in a way that thrives on complexity.
This is why I strongly believe that ‘software developer’ should be a profession, comparable to lawyers or physicians. One defining characteristic of a profession is that it has a Code of Ethics. Much like the Hippocratic Oath taken by physicians or the Archimedean Oath taken (some) engineers.
Robert C. Martin has made a similar point in the past, and so has Philip Laplante. One problem with these ethical codes is that they only work when they are embraced by the majority of developers and when they become a part of educational training. We certainly haven’t reached that point (yet).
A Code of Ethics
As sort of an exercise, I decided to write an ethical code that covers how I feel about our profession. A lot of this stems from the ethical guidelines that I (or developers that inspire me) try to follow, and have followed in the past 20 years as a software developer. Obviously, a real Code of Ethics needs to be created by a group of professionals. But I felt that this was useful exercise to help me think about it. So here goes:
Focus of the developer
- I create software for users, not for managers;
- I embrace that we are stronger as a cross-functional team, working towards a shared goal;
- I will share my knowledge and expertise with other developers and help them grow, much like other developers helped me grow;
- I will treat the people in my team as I would like to be treated by them;
- I will guide others to embrace and adhere to these principles;
Be honest about complexity
- I will not presume to be able to provide detailed estimates or plans when I know that significant complexity is involved (e.g. more is unknown than known). The detail of my estimates and plans will decrease as complexity and/or timespan increases;
- I embrace that software development is a complex endeavor, requiring frequent and intense communication with my team and stakeholders to clarify both the problem and the solution;
- I accept (and will help others accept) that mistakes are inevitable. Instead of trying to avoid mistakes altogether, I will seek to limit their impact and learn from them to avoid similar mistakes in the future;
- I will help make the work for a product transparent so that we can make informed decisions about what still needs to be done and in what order;
- I will help prioritize work for a product based on the value it has for the business, not on (my) personal preferences, likes or dislikes;
- I will ask for help when I’m stuck and motivate others to do the same;
- I will help shorten the feedback cycle for our product wherever I can so that we can learn faster. This includes continuously seeking out ways to release more often (e.g. DevOps, automated testing, continuous delivery) and breaking down large features into smaller features that can be released sooner;
- I will not write code that I know is going to hurt the business in the long term unless there are strong business reasons to do so;
- I will help make technical debt transparent in whatever ways possible so that informed decisions can be made on paying back technical debt as soon as possible;
- I will always help to find a balance between the need for urgency and the need for quality, but never in a way that damages the product, the users or the reputation of the company I work for;
Project security & privacy
- I will not write code with intentional backdoors or intentionally weaken security to monitor or control what users can do. Whatever their purpose, backdoors and compromises to security will inevitably be exploited by hostile parties;
- I will not write code that I know is insecure and easy to exploit;
- I will not write code that harms the privacy of users of my product in ways that are not clear to them;
- I will continue to educate myself in how to build secure products that respect the privacy of their users;
What do you think?
How do you feel about this code of conduct? Does it cover all the important bases? Or do you feel that key areas are lacking? Or would you drop certain sentences? Let me know what you think in the comments.