Ethical guidelines for software developers exist. Code is effectively a regulatory construct (Lessig). The ethics that build the code define the ethics in an ever increasing technological world. This was covered in Part I.
In today's world, code is increasingly re-used. This reduces the amount of time it takes to develop software. Production environments have morphed from, "Press Play On Tape" to complex interdependent systems. A bug in any part of the interdependent system can bring down the entire server.
A developer who writes a piece of code doesn't really know how it will be used. All that developer can do is trust that the code is used for the right reasons.
From the Headlines: Wordpress Compromised.
Hundreds of thousands of Wordpress sites that weren't updated were compromised in December of 2014. Now consider this quote:
...Now it seems that websites running a third-party plug-in called Slider Revolution are being hacked, and malicious code is being installed that will in turn infect those who visit the website. The developers of the plug-in, ThemePunch, have admitted that they knew about the vulnerability in February this year but kept quiet about it...
Horrid, right? Not really. Themepunch did know about it and patched it within hours (emphasis mine):
In september 2014 the internet security company “Sucuri” released an article about a critical vulnerability in our “Slider Revolution Responsive WordPress Plugin”.
As our plugin is widely used on millions of wordpress sites throughout the web, the problem needed to be tackled as soon as possible.
Our decision to keep the update relatively “silent” (only a “security fix” text was put into our update list) was based on our fear that an instant public announcement would spark a mass exploitation of the issue.
We had the hope that in time (29 updates between february version 4.2 to september version 4.6) most users of Revolution Slider would update their plugin installations to close the security hole. Sadly that was not the case...
ThemePunch had acknowledged and fixed the error, and quietly put a fix out. From an ethical standpoint, they did everything that they could and with 29 updates since, it's easy to see where the fault lies - with those that didn't update their sites.
So, while good code ethics were practiced, the end result was not pleasant. The harsh reality is that we software developers have to be careful to know how the software will be used, and yes, this includes updates. For the record, Wordpress has made it possible to update automatically - but as Brian Lewis's blog entry and comments point out (in the context of asking about auto updates for Drupal), new problems can arise because of automatic updates, particularly in customized complex environments.
And the phrase 'customized complex environments' covers just about every website out there. So now we're beyond just writing the code, we're into supporting the code through it's software life cycle - a life cycle that typically ends when the software is no longer supported. Software is no longer supported either because it has become antiquated by competing software, upgrades in hardware or when the business model can no longer bear the cost of the software. Since I picked on Wordpress above, I should note that Drupal major versions are no longer supported when the new version competes with the old one because... oh, I don't know that there is a good excuse.
So now we're into the ethics related to code, but more related to the configuration - partly software configuration management, but also server administration - making sure that all the things that a piece of code depends on simply don't break.
In fact, if you really consider all the issues, it's a wonder that the Internet hasn't fallen apart yet.
The Internet hasn't fallen apart
The reason that our beloved world wide web hasn't fallen apart is because of the ethics of those involved. Professionalism. Reputation. Trust. There are a lot of great people who keep things working right, cogs in a digital machine that some consider to be mankind's masterpiece.
From the folks at the server farms that host the code to the person making sure that the software is up to date, there's a constant buzz of things happening. Sure, code is a de facto regulatory framework for how we communicate and store information, but that code is built and maintained on the professionalism of the people involved - it's built on ethics.
That's why code is ethics. Code is a living, breathing creation that is written based on the implicit ethics of anyone involved and supported in the same way. It embodies what we are willing to do and it denies what we are unwilling to do.
Code defines what we are capable of based on who we are.
It's a wonderful and horrible thing to consider.