Codes of ethics for software craft?

A funny thing happened in the testing Twitter community this week. First off, Pedro Gonzalez tweeted a link to an article describing a recent multimillion-dollar settlement against Toyota for lethal bugs in embedded software. (This informative, interesting tweet was not unusual in itself… it’s what I’ve come to expect from testing Twitter.)

There is an industry standard for embedded software in motor vehicles … which is voluntary. According to the article, Toyota declined to follow that standard, and its software developers apparently proceeded to write “spaghetti code” much of which was untestable and unmaintainable.  The testimony of expert witnesses was compelling enough that had the case gone to a jury verdict, a much greater award for punitive damages would probably have resulted.

As I read the article on the Toyota case, I quietly wondered: even if your company declines to follow a standard, don’t you as a craftsperson have SOME kind of ethical responsibility to write solid code (or to test it with thought and care)? Many years ago, my law school classmates and I were required to take a course on professional responsibility and ethics, and were assured that if we behaved in a way contrary to ethical rules, discipline up to and including disbarment could result. If attorneys (and doctors, and accountants…) are bound to a code of conduct, why aren’t those involved in software creation?

Well, just as I was thinking that, another, separate conversation started on Twitter. “Uncle” Bob Martin has advocated recently for a code of ethics for software developers… in fact, he’s proposed a nine-point oath.

Just after Pedro tweeted the Toyota link, Lanette Creamer wondered (rightfully) about the rationale for and effect of such an oath. Why aren’t we routinely taking corporations like Toyota to task when they deliver bad software? If we impose codes of ethics and oaths for individual craftspeople, would we wind up making those people bear the cost of what often are corporate decisions? Why should an individual worker bear the brunt of the responsibility?

Why indeed? The reaction to Martin’s proposal has been mixed. Martin is working to raise the bar in general: he notes in an interview with Matt Heusser, “…you can be hired as a programmer if you tell someone you know something about computers.”

My honest response to that is … yes and no. Many software development shops strive for high standards in hiring. The developers I work with review each other’s code in detail. These practices are entirely voluntary and discretionary, though. I have been in the field as an observer (or tester, or documenter) of software for nearly 20 years. I have never heard of anyone being let go for writing substandard code. EVER. Aspersions about “spaghetti code” get cast but that’s about it.

I’m a software tester. Some people want to impose standards on testers that would minutely prescribe the way I do my work. Like Uncle Bob, I consider myself a craftsperson, and I think that far-reaching standards can inhibit the kind of creative thought that I need to be able to do as a tester. (It interests me that there is a set of standards for embedded software: it was in part by those standards that the expert witnesses for the Toyota plaintiffs established liability. I don’t know whether such standards have a chilling effect on creativity in software development.)

I’m not sure that highly specific standards work when it comes to a craft. But a code of ethics like the one Martin proposes is simultaneously less specific and more compelling than a set of standards. As an attorney, keeping a code of ethics in mind helped ensure that I took my work seriously.

In the United States, the doctrine of respondeat superior ensures that the financial penalty for civil litigation due to negligent acts by an employee (like creation of subpar software) is borne by the employer of the person who wrote the code. I don’t think anyone wants to see an individual software developer or tester be sued for millions of dollars (except, maybe, for some corporations who would otherwise be liable themselves!) But with a code of ethics or an oath comes an opportunity for a mechanism like a Board of Bar Overseers, which takes complaints against individual attorneys and imposes discipline (up to and including disbarment) where appropriate.

Software is everywhere today: in the cars we drive, in the medical devices that help us stay alive. I consult an attorney only on rare occasions and I see a doctor only a handful of times a year. I don’t have the same luxury when it comes to subpar code. None of us does. As we well know, many corporations will avoid successfully the consequences of their actions if they get a chance. As individuals, we might want to be better actors.