I’ve written previously about the lack of professionalism and duty of care within the IT profession. This includes the ineptitude and irrelevance of the British Computer Society (BCS). Since then, I’ve let my Chartered status lapse. It was just money and no-one cared. This includes my membership, which means nothing to anyone.
There are additional considerations about why our profession requires the height of competence and ethics.
Security
Security remains a critical element of any software development. The developer may be capable and smart enough to implement the latest patterns and techniques. But are they aware of their responsibility to ensure their code is secure? It should not be vulnerable to attacks or be used to mount an attack.
- eBay developers failed to heed the age-old adage never to trust content from clients; their oversight allowed cross-site scripting (XSS) to be used to hijack users’ login credentials
- Yahoo allowed 450,000 user accounts to be breached through basic SQL injection attacks (often part of OWASP’s “top ten” attack vectors) and stored passwords in plain text
The professionalism of developers is a repeating theme on the Security This Week podcast. They frequently remind listeners that a developer’s lack of awareness often leaves systems vulnerable to attack. Laziness or competing objectives can also contribute to these vulnerabilities.
Data access
A developer’s access to data can be used as a point of attack or, at worst, corruption. Access to real data in Production can be very useful for investigating and diagnosing problems. However, there is no reason for a developer to have access. A requirement to have access to data in Production points to insufficient testing or quality assurance elsewhere in the Software Development Lifecycle (SDLC). A developer with any sense of professionalism should be shunning access to Production data. This will avoid any opportunity for insinuation of corruption or maleficence. A Developer’s professionalism and duty of care are fundamental to their project delivery.
- Personally Identifiable Information was freely shared between employees even after Equifax’s massive data breach
- Over 9 million accounts of Australian telco provider Optus were leaked when an authentication error remained undetected, despite it having been fixed in a sister domain
User Experience (UX)
The NN/g UX Podcast repeatedly states “you are not the user”, and this stands true for Developers, too. It should not be the Developer’s place to decide on UX issues. If a Developer is being asked to decide on UX concepts, it indicates that the UX issue has not been given the importance it deserves in other stages within the SDLC. However, one must accept not all teams have the benefit of dedicated UX expertise. In these cases, it can be incumbent on professionals such as the Developer to make decisions. These decisions may seem minor but have a significant impact, including the probability of closing a sale. Therefore, shouldn’t there be some professionalism or formal consideration of the role of UX in a Developer’s skill-set?
- Citibank lost $500m due to poor UX that led a subcontractor to make a mistake
- A false alarm was sent in Hawaii due to an incorrect selection from a list of cryptic and easy-to-select options
Artificial Intelligence
The software development profession is undergoing a fundamental shift. The role of the Software Developer is changing from being the architect of their own work. Developers are perhaps moving into a ‘co-pilot’ role. This role may see the Developer overseeing code generated by AI.
Without regurgitating the many weaknesses of AI, including hallucinations, the limitations of models or the source data set, it raises the question of where professionalism will lie when AI becomes integral to a Developer’s role. Developers need to avoid “the AI told me to do it that way”.
Risk
Ultimately, it’s going to come down to risk and how comfortable you, your team and organisation will be with it. To ascertain that level of comfort, shouldn’t there be some mitigation in hiring for powerful roles? This could include certification or a professional code. Developers in regulated industries will be used to a seemingly relentless series of training on Anti-Money Laundering (AML), Counter-financing of Terrorism (CFT), Data Protection, etc. Whilst these are important, their application in software development professionalism is just as important. Software Developers may unwittingly become the enablers of financial crime.
