Ethics in Software
Engineering
The source of questions marked with [Pfleeger] is
Software Engineering, by Shari Pfleeger, 1998.
CMSC 345, Fall 2002
1
ethic - 1. A system of moral standards or values. 2. A
particular moral standard or value.
ethical - 1. Having to do with ethics or morality; of or
conforming to moral standards. 2. Conforming to the
standards of conduct of a given profession or group.
Synonym: moral
Source: Webster’s New World College Dictionary, 3rd
edition
CMSC 345, Fall 2002
2
Who’s Responsible? (1)
(Requirements)
Developers work together with customers and users to
define requirements and specify what the proposed
system will do.
If, once it is built, the system works according to
specification but harms someone physically or
financially, who is responsible?
[Pfleeger]
CMSC 345, Fall 2002
3
Who’s Responsible? (2)
What are the legal and ethical implications of using
COTS software? For example, who is responsible for
fixing the problem when the major system fails as a
result of a fault in COTS software?
What checks and balances are needed to ensure the
quality of COTS software before it is integrated into a
larger system?
[Pfleeger]
CMSC 345, Fall 2002
4
Who’s Responsible? (3)
What are the legal and ethical implications of using a
subcontractor? For example, who is responsible for
fixing the problem when the major system fails as a
result of a fault in the subcontractor’s software?
What checks and balances are needed to ensure
the quality of subcontractor software before it is
integrated into a larger system?
[Pfleeger]
CMSC 345, Fall 2002
5
Who’s Responsible? (4)
Suppose Amalgamated, Inc. requires you to use a given
process model when it contracts with you to build a
system. After the software is delivered and installed,
your system experiences a catastrophic failure.
When Amalgamated investigates, you are accused of
not having done code reviews that would have found
the source of the problem before delivery. You respond
that code reviews were not in the required process.
What are the legal and ethical issues involved in this
dispute?
[Pfleeger]
CMSC 345, Fall 2002
6
Who’s Responsible? (5)
If one person has written a component but others have
revised it, who is responsible if the component fails?
[Pfleeger]
CMSC 345, Fall 2002
7
Who’s Responsible? (6)
(Testing)
If an independent test team does integration testing and a
critical fault remains in the code after testing is complete,
who is legally and ethically responsible for the damage
caused by the fault?
[Pfleeger]
CMSC 345, Fall 2002
8
Who’s Responsible? (7)
(Testing)
A safety-critical system fails and several lives are lost.
When the cause of the failure is investigated, the inquiry
commission discovers that the test plan neglected to
consider the case that caused the system failure.
Who is responsible?
• The testers for not noticing the missing case?
• The test planners for not writing a complete test plan?
• The managers for not having checked the test plan?
• The customer for not having done a thorough
acceptance test?
CMSC 345, Fall 2002
[Pfleeger]
9
Who’s Responsible? (8)
(Maintenance)
Suppose you are maintaining a large, safety-critical
system. You use a model to predict which components
are most likely to fail. Then you examine those identified
components carefully and perform perfective and
preventive maintenance on each one.
Soon after, the system undergoes a catastrophic failure.
The source of the failure turns out to be a component
that was not identified by your model.
Are you at fault for neglecting to look at the other
components?
[Pfleeger]
CMSC 345, Fall 2002
10
The Impossible Requirement
Sometimes a customer requests a requirement that you
know is impossible to implement. Should you agree to
put the requirement in the requirements specification
document anyway, thinking that you might come up with a
novel way of meeting it, or thinking that you will ask that
the requirement be dropped later?
What are the ethical implications of promising what you
know you cannot deliver?
[Pfleeger]
CMSC 345, Fall 2002
11
The Impossible Test
If a system’s ultrahigh reliability requirement means
that the reliability can never be verified, should the
system be used anyway?
[Pfleeger]
CMSC 345, Fall 2002
12
Is It Mine? (Version 1)
While developing software for a work project, you get an
idea for a product of your own. Although your product
will not directly compete with the work product, it deals
with the same domain. You decide to develop your
product on your own time, but on your computer at work.
Legal issues aside, who should own your product?
You? The company? The customer?
CMSC 345, Fall 2002
13
Is It Mine? (Version 2)
While developing software for a work project, you get an
idea for a product of your own. Although your product
will not directly compete with the work product, it deals
with the same domain. You decide to develop your
product on your own time on your computer at home.
Legal issues aside, who should own your product? You?
The company? The customer?
CMSC 345, Fall 2002
14
The Layoff
You and several co-workers are laid off from XYZ
Corporation where you were working on developing a
proprietary software product. As you are programmers,
you have access to the corporate software repository.
What procedures should the company follow when you
are told that you are being laid off?
CMSC 345, Fall 2002
15
Should I Fink? (1)
A project teammate misleads her (and your) boss as to
the status of the module she is working on. Are you
responsible for this person’s unethical behavior? If so,
what do you do?
What if the person is a superior?
CMSC 345, Fall 2002
16
Should I Fink? (2)
What do you do if one of your teammates is clearly
incompetent and the project manager doesn’t know it?
CMSC 345, Fall 2002
17
Is It Deception?
What types of project information would be morally
permissible to keep from your client?
What types of project information would be unethical to
keep from your client?
Are there any types of information that are “fuzzy?”
CMSC 345, Fall 2002
18