tags:

views:

2149

answers:

68

Recently there was an ethical question asked, but I'd like some input on what might be included in a comprehensive code of ethics. I'm thinking of something along the lines of the Hippocratic Oath that professional software developers would hold to.

We are in a relatively new profession, so there's likely to be debate about what should and should not be included in an ethical code. There are published ethical codes, such as ACM's and GNU's, but there are deep philosophical differences among programmers. Perhaps we can't find a definitive answer for how programmers should behave, but we can get some consensus on what most of us feel is right and wrong.

Please limit yourself to one point per answer so we can vote up or down. Ideally, the most important ethical considerations will rise to the top and less important clauses will stay at the bottom. I'd say it's fair game to "borrow" points from other published lists and get inspiration from the ethics tag. Please cite any sources. (Inspired by MagicKat's answer.)

+21  A: 

If you use code from somewhere else, cite where you got it from.

MagicKat
Have to downvote this one. If I wanted to professionally create a bibliography I'd be a professional college English student. That said, I officially grant anyone permission to use any code that I post on a public site without citing me.
JohnFx
It's not (just) about permission. I always put a reference in a comment, and it's saved my butt several times. You never know when you're going to need to maintain it.
Ken
+12  A: 

Never commit code that intentionally breaks the build.

Loren Segal
I disagree with this. Is it unethical or merely unprofessional to break the build? In my mind, you aren't making a choice to break the build, you just happen to screw up and commit code before it's ready. That's just clumsiness.
Jacob
Committing a broken build can in fact be an explicit choice ("these new changes to the program break the test code but we can deal with that later!") in which case I would consider it both unprofessional *and* unethical.
Loren Segal
How about "Never commit code that intentionally breaks the build"?
cori
Thanks cori, that's what I was trying to get across. edited :)
Loren Segal
I've been in the situation where breaking this rule was justified...Once coding on a student project in the very early stages, I was developing the central element everyone depended upon while they were going ahead on their components. They knew the interface was subject to change, so I just committed my changes (in bulk at the end of the day, no need to irritate people ;-) ) intentionally breaking the build in the process. This was the best way to communicate to people (developers were spread out over the country) the interface had changed and they should make changes accordingly.
NomeN
+12  A: 

Don't make a program that you know will be used for evil(spam, hacking others sites, etc).

Echo
So never code a web browser? (When the UK government tried to ban all tools for hacking I pointed out the web browser would then be banned) Evil is in the eye of the beholder; nmap is a good example; it can be used for evil, but it's also incredibly useful
blowdart
No, I'm saying don't program something that will specifically/only be use for evil.
Echo
I don't agree with this one. There are alot of programs that can be used for security reasons that could be also used for "evil" as you say.And, Hacking is bad unless done for a malicious purpose. There is plenty of ethical hacking.
Chris Pietschmann
no missile guidance either, please
Kevin Conner
Please don't confuse hacking (tinkering) with cracking/phreaking (breaking into/exploiting systems).
Rob
The key word is "know" in this case. The tool you made may be used for evil without your knowledge or intent, but that's different from designing something that you know will be used for evil.
Erick B
+4  A: 

How about "Don't be evil".

Mark Biek
Is it because I didn't come up with it myself? :)
Mark Biek
OK, I'm back to 0. Someone has a sense of humor.
Mark Biek
Define "evil". ;-)
Jon Ericson
A: 

Reading code is inaccessible to most people, so it definitely needs to include something about documentation agreeing with implementation.

brian
+1  A: 

Commitment to excellence.

(In other words avoid mediocrity and half assed solutions at all costs)

Vinko Vrsalovic
Agree with the sentiment, but not the implementation. If my job depended on developing a half-assed solution (like my boss demanded one) then I'd probably do it. And then start thinking about my commitment to my current job.
cori
That's why ethics are hard, if your job depended on stealing a bank, would you do it or change jobs?
Vinko Vrsalovic
"stealing a bank" - nice :)
Liam
+3  A: 

Don't leave broken windows

auramo
Hmm, how about "Leave broken windows and go to working Linux/osX?"
Bill K
+3  A: 

Stay legal - ie. do not break licensing stuff and sell a product as totally your own if some library you used requires mentioning.

hangy
+20  A: 

When working with existing code, always leave the code cleaner than when you found it.

Brian
This is a good one, but you need to remember not to change any code when doing this or you may break something. Remember, if you were the last one editing the code, and something breaks after your update is applied, you broke it. period.
Chris Pietschmann
I wish I could vote this up 20 times. I once had a job where the developers were uploading code to a live internal system on a **daily** basis, and the whole thing just got uglier and uglier and uglier. It could have easily gone in a positive direction with a little attitude adjustment.
que que
+3  A: 

Do not lie to your customers/clients/boss

(In other words, avoid the it's 90% ready trap, and tell when there have been unexpected problems)

Vinko Vrsalovic
A: 

Don't give bad code out of your hands.

(People might read it and get wrong ideas)

terminus
+6  A: 

Respect your User! Give them solutions that address their problems and work consistently.

theo
+1  A: 

Don't help to kill people.

Stefan Koenig
+3  A: 

Expect the unexpected

(In other words, design for robustness)

Vinko Vrsalovic
+26  A: 

Consider the plight of future programmers (including yourself) when they come to your code. That clever hack you wrote won't look so clever years down the line when someone discovers it's buggy and impossible to understand.

Jon Ericson
That "someone" includes yourself, BTW. Oh, and it doesn't need years.
Jörg W Mittag
You could say "don't write code for the moment, write it for eternity" ... would've avoided Y2K bug :)
ypnos
But think of all the jobs created by *not* writing for eternity. I'm starting to rethink this answer... ;-)
Jon Ericson
@Jon: Yup... *job security* comes to mind...
Steve Schnepp
+26  A: 

Never ship anything you wouldn't use.

(I mean this from an interface/quality standpoint, not from a business use one of course. Thanks to Jon and Grant for pointing out the vagueness of the point.)

Arun
Unless it's software that you wouldn't use.(Custom software for another company for example)
Grant
I think it would help if you expanded on what you mean by "wouldn't". Do you mean: this is junk and I'd rather use a hammer to my head. Or: there's no reason anyone should use it, much less me. Or: this is for lusers, I mean users, not me.
Jon Ericson
+2  A: 

Share your knowledge

(I don't mean open your source, or speak at usergroups but rather don't try to make yourself unfire-able by never telling anyone anything and writing code that's hard to use)

The British Computer Society has both a code of conduct and a code of good practice. The fun thing about ethics is, of course, they're all relative.

blowdart
If you wouldn't mind separating your answers in two, I'd appreciate it.
Jon Ericson
It's only one answer really; the rest is commentary on how ethics is probably the wrong word :)
blowdart
Trouble is that I agree with the first and disagree with the second. How should I vote? (Answers are free, but votes aren't.)
Jon Ericson
*grin* Well like I say everything is relative
blowdart
Ok. I guess I'll throw the baby out with the bathwater then. ;)
Jon Ericson
+9  A: 

On a technical front: Always worry more about the next time some human reads your code than when the machine reads it.

Making code a PC can read and execute is trivial, making code the next guy can pick up an run with in a reasonable amount of time is an art form that can take decades to master.

Bill K
+2  A: 

Know your user.

Kevin Conner
A: 

Don't be cryptic in coding. Either use a clear variable or function name to explain what is going on or comment to allow people after you (or even yourself) to figure out what you were doing when you were trying to be clever.

Rob
+1  A: 

Care about the end users

(Do not deliver ugly, incomplete, unusable software)

Vinko Vrsalovic
A: 

This topic seems to be a little bit strange for me.
The ethical question you giving an example is clearly legal question and not ethical (don't steal can lead to theological discussion, but not ethical). And taking the code from employee is stealing (read your contract).
I can't think about single point in may daily work that i can consider as ethical (from professional point of view). May be only one "Do comment you code properly i.e no over commenting" :)

Response to the comment: The ethical can expend the legal and can not contradict. The question about taking code is clearly legal and if the law is gray in some point it's still legal. If legally you allowed to take code from work so what ethic question is here ? Just take it. I probably to cynical to this discussion.

Response to comment 2: You understand me very well and i don't care lose more points on this:). There is no ethic in our profession. There is good programmer and bad programmer (and the scale between). I can understand ethic for Doctors, Therapist etc ... In our case or you good programmer and you write good code or not. 90% of examples here define good practice in programming the rest is just naive.
Ok i think it's time to wrap it up. I'm done.

Ilya
Hmmm... I don't think you can lock "legal" questions away from ethical ones. For one thing, laws are different in different jurisdictions and for another, laws can be changed. If you compare the two published codes I cited, it's clear even the issue of code ownership is unclear.
Jon Ericson
It sounds like you don't believe ethics exist in our profession. Or am I misunderstanding?
Jon Ericson
I'm curious what you feel is the difference between doctors and programs is that makes a code of ethics unnecessary for us. It can be argued that a single programmer might have influence over more people than a doctor generally does. Having a code of ethics seems like a trait of all professions.
Jon Ericson
+8  A: 

Solve the problems that matter. Let go of the ones that don't.

Kevin Conner
+1  A: 

Write code you would want to use yourself.

Michiel Borkent
A: 

Leave each file at least as neat as you found it.

Kevin Conner
leave them better!
Vinko Vrsalovic
A: 

Use what you have been building, as if you were just a user

Vinko Vrsalovic
A: 

Involve the user in the process. Ultimately, it's their tool your building.

itsmatt
+13  A: 

Program as if the next developer that will maintain your code will be a crazed maniac with an affinity for sharp objects and knows where you live.

EndangeredMassa
+1  A: 

Under no circumstances shall an ethical programmer create of or assist the creation of DRM

Response to comment: That's not DRM that's security software for privacy protection.

Matthew Scouten
which proves that ethics are relative. I'd be happy to create DRM that, for example, wrapped medical information on children so if it leaked it wasn't readable/usable
blowdart
This is an excellent suggestion. But it ought to be elaborated on a bit, I'd think. For instance, what is the philosophical reason for avoiding that behavior. As you may know, some people just like free stuff and other people believe information can not be "owned". Why are you opposed to DRM?
Jon Ericson
That depends on your viewpoint; DRM is restricting usage based on the rights you have; hence limited the ability to read documents based on who you are can be counted as DRM; for example the MS Office Rights Management system.
blowdart
A: 

Have time for people (colleagues) AND code.

Michiel Borkent
+19  A: 

Never use your code for personal job security.

Anything that tends to ensure that you are the only one who can maintain the code falls into this category: lack of comments, misleading comments, obfuscation, poor variable names, misleading function names, functions with multiple side effects, easily confused variable names (simple and simp1e), subtle coding tricks, secret back doors, etc.

Mark T
Aren't people who do this called 'lumpen-programmers'?
Jonathan Webb
+21  A: 

Programmer ethics? How about this:

It should be noted that no ethically-trained software engineer would ever consent to write a DestroyBaghdad procedure. Basic professional ethics would require him to write a DestroyCity procedure, to which Baghdad could be given as a parameter. - Nathanial Borenstein

Chris Upchurch
Excellent! I hope this gets voted to be the dividing line between good and bad.
Jon Ericson
+15  A: 

Code no harm

I'm glad I held off on that answer ("First, do no harm"). Yours is worded more elegantly.
Jon Ericson
I'm bringing this answer to the top of the list. It's a good start and alludes to the Hippocratic Oath in a rather neat way. It also reminds me of the First Law of Robotics, which has direct application to programming.
Jon Ericson
Terse is not necessarily elegant. What do you mean by those 3 words? Anybody's guess. Does it mean I can't program a defense system because it will harm the attacker? The English language is too ambiguous to use that way.
Mark T
These aren't rules, per se. Rather they are principles to live by. If you willfully mis-interpret a code of ethics, it serves no purpose for you. Presumably, other principles will cover more specific concerns, such as which employers are to be avoided.
Jon Ericson
+1  A: 

Always keep your code in some kind of version control system with comments!

typemismatch
+1  A: 

Write code that is self-documenting (or self-describing).

Deano
+14  A: 

I like the IEEE CSDP: Software Engineering Code of Ethics and Professional Practice.

Here are items that I found particularly important:

  • 1.01. Accept full responsibility for their own work.
  • 1.08. Be encouraged to volunteer professional skills to good causes and contribute to public education concerning the discipline.
  • 2.01. Provide service in their areas of competence, being honest and forthright about any limitations of their experience and education.
  • 3.04. Ensure that they are qualified for any project on which they work or propose to work by an appropriate combination of education and training, and experience.
  • 3.09. Ensure realistic quantitative estimates of cost, scheduling, personnel, quality and outcomes on any project on which they work or propose to work and provide an uncertainty assessment of these estimates.
  • 5.08. Not unjustly prevent someone from taking a position for which that person is suitably qualified.
  • 7.02. Assist colleagues in professional development.
  • 7.03. Credit fully the work of others and refrain from taking undue credit.
Paul Reiners
+1  A: 

@Echo

Lots of tools that could be used for hacking and other malicious intents could also be used for good. Things like WireShark, Debuggers, and even password crackers can have both legitimate and malicious uses.

Kibbee
+6  A: 

Here's the unifying theory:

Do unto others as you would have them do unto you.

(respect the original author's white space unless you are the new owner, don't release something you wouldn't use, leave the code at least as neat as you found it, don't break the build, and all the other applicably stuff already listed)

CrashCodes
A solid (gold) suggestion. It's interesting to consider how it would apply to situations where there are multiple "others" such as the DRM issue. A developer who is stuck between an IP owner and users would need to address the concerns of *both* parties, I'd think.
Jon Ericson
A: 

Write self-documenting code and use appropriate comments.

pro3carp3
A: 

Always write your tests first, and never write new code that doesn't have a test already.

Paul Hammond
This seems far from a universal principle. To give an example of when it doesn't make sense, I often write small tools to get a job done. Sometimes they fail in the course of operation and I simply change the tool. Testing occurs when the tool is used.
Jon Ericson
I agree, not all code requires a written test.
Liam
A: 

Don't ship a flawed project without a list of known bugs.

JoshM
A: 

when committing to source control, always include a comment

Bob Chatman
A: 

Use a consistent style within a file.
Which should also match the coding standard for the project.

If you are not the original author that means adapting your style to match the rest of the code within the file. If all the code within the file has a consistent style it (should) be easier to understand and maintain.

Also note there are exceptions to every rule.
Do not follow the standards just because. If following the standard makes the code unreadable adjust accordingly and document the deviation.

Martin York
+3  A: 

When refactoring code don't leave the original code commented out beside the new code.

This is what version control is for.

Martin York
Any particular reason why one should not refactor the code?
Swati
I'd change the answer to: "When refactoring, don't leave the original code ..."
Jon Ericson
+13  A: 

Pay for the commercial software that you use.

It's only fair that other developers are rewarded for their work if you expect to be rewarded in turn.

Jonathan Webb
+2  A: 

For an example, look at the Australian Computer Society's Code of Ethics

Josh
If you wouldn't mind, it would be helpful if you grabbed interesting or important items from that code and posted them separately. Thanks!
Jon Ericson
+2  A: 

Not so much of an ethics issue, but about arrogance: Don't assume your program is the only one running on the client machine. You don't have to optimize everything, but you should try to make the program efficient and stay away from running some background task that's drinking up 10% of the CPU.

RobbieGee
+1  A: 

to make this problem solvable, you would have to separate the ethics involved in programming from what the progamming is going to do. For example, there is programming involved in targetting a nuclear missile, as there is in a medical diagnosis application.

A programmer is a cog in very large group of people coming together to create a solution for a problem, whether it is how to make a bomber invisible to Radar or making a website work well for a client.

Professional ethics would have to start with being honest to your client during the entire process of developement.

Nat
+4  A: 

The Software Engineering Code of Ethics and Professional Practice seems like a good place to start. It was developed jointly by the IEEE and ACM. As a software engineering major, I had to study the whole thing and write up my opinions on it; I won't bore you with that, but here is the preamble of the SECoE&PP:

PREAMBLE

The short version of the code summarizes aspirations at a high level of the abstraction; the clauses that are included in the full version give examples and details of how these aspirations change the way we act as software engineering professionals. Without the aspirations, the details can become legalistic and tedious; without the details, the aspirations can become high sounding but empty; together, the aspirations and the details form a cohesive code.

Software engineers shall commit themselves to making the analysis, specification, design, development, testing and maintenance of software a beneficial and respected profession. In accordance with their commitment to the health, safety and welfare of the public, software engineers shall adhere to the following Eight Principles:

  1. PUBLIC - Software engineers shall act consistently with the public interest.

  2. CLIENT AND EMPLOYER - Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.

  3. PRODUCT - Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.

  4. JUDGMENT - Software engineers shall maintain integrity and independence in their professional judgment.

  5. MANAGEMENT - Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.

  6. PROFESSION - Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.

  7. COLLEAGUES - Software engineers shall be fair to and supportive of their colleagues.

  8. SELF - Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.

Jacob
If you wouldn't mind, it would be helpful if you posted these separately. Thanks!
Jon Ericson
+14  A: 

Don't hold your users' data hostage.

See DataPortability.org

Jason Morrison
An excellent point!
Jon Ericson
+1  A: 

Borrowing from Hippocrates ... First, do no harm.

That is very general, but ethical rules should be general. It has a lot of "sub-rules":

  • do not write code intended to break machines or systems
  • write what is requested and required and no more.
  • abide by the license terms of code written by others

.. and so on.

tomjedrz
A: 

Don't be too damn clever for your own good. Write code that is appropriate to the organization that you are working in, in terms of complexity and elegance.

There have been times when I've written bits that I thought were incredibly elegant, but that I soon realized were over the head of my peers (not trying to be arrogant, just realistic.) Although the code was well-commented, included unit-test, etc, I became apparent that the guys I was working with just weren't getting it. I ended up breaking it down, throwing away some of the speed and elegance, but getting something 10x more maintainable.

David Hill
A: 

Never break a public interface.

Jon Ericson
A: 

Bill hours honestly.

Jon Ericson
A: 

We work within a technical industry, and whilst some of us like to believe that our work puts us in line with professionals like Doctors or Lawyers we have to admit that what we do is create software. We work to Business Aims and our goal is to complete a Project on time.

A Programmers Code of Ethics seems almost pompous to an outsider, so the only ethics I can really bring to the table are those that apply to other skilled jobs:

  1. Work to the best interests of your employer.
  2. Remain professional and diligent at all times.
  3. Respect and understand your clients.

Past that, there's really not that much we can really say. Everything else should really be down to the employer.

EnderMB
Part of the point of this question is to flesh out your point #2. The other part is to discover if there is ever a situation that trumps points #1 and #3. In other words, a code of ethics is needed to protect programming as a profession and avoid permanently damaging our reputation.
Jon Ericson
The problem, again, is that we make the assumption that programming is significantly different to other technical roles. To those who create software it is magical stuff unconstrained by the laws of physics, but to a business it is a product. In a business context we should follow their ethics.
EnderMB
+6  A: 

Newton once very humbly wrote “If I have seen further it is by standing on the shoulders of giants”. This is very apt for developers as we rely on so many giants of our profession for almost everything we do; from the platforms on which we develop to the help we get from developers all over the world.

I can derive two codes of ethics for programmers from this:

  • Always be humble (Edsger Dijkstra wrote an entire essay on this)
  • Whenever possible, help your fellow developers and give something back to the community (let’s try to be the shoulders on which the next generation would stand)
Abbas
+1  A: 

Don't enter into a relationship with employers or clients who are engaged in unethical activities. You are responsible for who you work for. (See this question.)

Jon Ericson
+1  A: 

Report security vulnerabilities to the person responsible for that system, library or application. Never exploit a security hole to "get their attention" or demonstrate the problem, unless formally and contractually authorized to do so by the responsible party.


Note: tread carefully because there may be legal complications.

Jon Ericson
+4  A: 

Don't use use your technical knowledge to violate the privacy of others.

Jon Ericson
+2  A: 

Do not underestimate the time it will take to complete a task.

Bad estimates are a fact in programming. We have a responsibility to give realistic (even pessimistic) estimates for the time it will take to complete a task. We have a responsibility to improve our accuracy in making estimates.

If you are unable to give an accurate estimate, do not give a guess. You must give a reason, citing the unknown factors in the task that prevent you from making an accurate estimate.

Liam
+3  A: 

Treat the codebase like a campsite: always leave it in better condition than when you found it.

Ether
+2  A: 

Remember that you make a living from people paying for software and reciprocate. Stop ignoring the nag messages in your shareware and shell out the piddly $20 bucks already!

JohnFx
+1  A: 

I encourage my cohort of students to formulate THEIR OWN CODE OF ETHICS based on existing ones (i.e. ACM, IEEE, BCS etc.). Here's an example. Also I ask them to write their thoughts on current ethical issues in IT so there's documentation that they actually thought about these ethical issues (it's released under a by-nc-sa 3.0 Creative Commons license). Here's an example - you'd be surprised what students nowadays think about the contemporary ethical issues in IT that face them everyday.

pageman
+1  A: 

Assume every line of your code is broken until you tested it. But don't assume it isn't broken after you tested it.

nikie
+1  A: 

"It works on my machine" is not an excuse. Corollary: "Could not reproduce" is not a valid reason to close a defect. It's a reason to look harder.

(This obviously does not apply for software you write for yourself.)

nikie
Hah! I have gobs of stuff to fix every time I upgrade!
Arthur Kalliokoski
A: 

Never fall victim to the "when you have a hammer, everything looks like a nail" issue when trying to architect a solution. There is too much technology available to assume only one option will work well.

Dustin Hoffman
+1  A: 

When it comes to code, prefer readable over concise.

Dustin Hoffman
A: 

Credit your sources. Be proud to stand on the jolt cans of giants!

Andrew Neelands