The Ethical Programmer

We want to create a manifesto dedicated to programmers, a bit like doctors do in Belgium with the Hippocratic Oath.

Any programmer can join us and adopt our values.

The goal is to responsabilize

The goal of this program is to empower developers within companies because they are the arm of their superiors and their management who do not always have an ethical vision of the world.

With the increasing importance of computerized systems in our lives, we must be sure that the people who wrote these systems did so in a benevolent way.

It will first be necessary to define a set of ethics and rules.

Some rules have been given by the ACM, but these rules are not enough for us and are not going in the right direction: https://en.wikipedia.org/wiki/Programming_ethics

The project is open to everyone; I would like to see as many people as possible edit this page and organize brainstorms.

Because developers have the power to do good and bad, they can put their skills to the service of the community or to its detriment. A guide is needed for those developers who want to stay on the bright side of the moon.

The technical limitations of DokuWiki have forced us to take a more versatile solution.

You can find the brainstorm / reflection matrix here: https://lite.framacalc.org/EthicalHacker-HTUX-Matrice

Write your ideas here (brainstorm: we put everything in, we'll sort it out later ^^)

  • Take responsibility for errors related to the code that we wrote.
  • Contribute to humanity through one's project.
  • Ensure that a maximum of the compilation, test and production chain is automated to reduce human error and free up time for larger tasks.
  • Always keep the quality of the written software as a primary goal.
  • The developer must be free in the choice of his tools; it is only in this way that he can adopt an ethical attitude thereafter.
  • I will not write code that could potentially injure others.
  • I will not write code that monitors my users.
  • If I find a flaw in a piece of software, I will not practice full disclosure before having first warned and negotiated a patch with those responsible for the system in question.
  • If I find a flaw in a piece of software, I will not exploit it without setting up a Proof-of-Concept.
  • I will not publish the sources of my proof of concept until the person in charge of the system has corrected the fault or taken no action and the full disclosure has taken place.
  • I will not work on military defense systems.
  • I will not steal the intellectual property of another developer.
  • I will only publish code if it has been rigorously tested.
  • I will respect privacy in the use of my clients' data (GDPR is doing the job now).
  • I will not write software that aims to degrade the living conditions of some people.
  • I will limit the use of backdoors to test solutions and remove them from the executable delivered to the client.
  • I will not falsify results of mathematical calculations in order to gain an advantage.
  • I will not delete transaction logs or other information about the system history.
  • If I retain access to businesses or resources that I am not supposed to have access to, I will contact the administrator to advise them of the situation. And I will not have access to servers, source control, build agents, VPN, etc., of companies for which I no longer work.
  • If I have local copies, on personal machines, of code belonging to a company and under closed source, I will erase them once my mission for that company is over.
  • I will not make the private source code of my company public, even to avenge myself (anger).
  • I will take care to optimize the performance of my systems to reduce the cost of infrastructure and reduce the carbon impact of my project.
  • I will not deliberately build planned obsolescence, or anything derived from it, into software.
  • I will always scrupulously respect the licenses of the software and libraries that I use.
  • I will write my code for the purpose of being read and understood by other people
  • I will not use an obfuscation technique to hide "hidden" features
  • I will not trace my users or monitor the use of the application outside test environments. If such features are to be put into production, it is important that the user has the choice to disable them and is aware of the details of what is being monitored. An educational approach is necessary.
  • I will not modify data considered read-only; if this were to be the case, a copy and an indication of the change will have to be provided.
  • Never deny the existence of a bug
  • Never write an erect document

  • Director: Please develop a system tracking our users' mouse moves in production, not just for our UI QA experience improvement
  • Ethical Programmer: No, sorry sir, it's unethical to do that… Perhaps I'll lose my job, but it's against my principles.
  • Director: Please store passwords in clear so we can give them back easily to their client
  • Ethical Programmer: Sorry sir, it's not ethical to do that. Perhaps we can use a private/public key to encrypt passwords if you really want to give back the old password, but an "I lost my password, generate a new one" with passwords hashed at least in SHAXXX
  • Director: We'll make a project that will totally ruin our clients to our benefit
  • Ethical Programmer: Sorry sir, that's unethical, I prefer to work elsewhere
  • Director: Can you delete bank transfer X from our logs, it was a mistake (or any excuse)
  • Ethical Programmer: No sir, banking log systems are read-only and it's against my ethics to alter data within the system.

The ethical programmer is complementary to the agile manifesto. The two complement each other: agile takes care of the technical side and ethics takes care of the meaning.

This effort may need to take the form of an association that developers of all stripes can attach themselves to.

There could be a distinctive logo serving as a coat of arms for the foundation.

The purpose of the foundation would be to raise developers' awareness of ethical programming.

I propose "Ethical Programmer" to designate a person

I propose "Ethical Programming Company" for a company that would hire or contract only "Ethical Programmers"

For the domain name I propose:

The organization, its culture, its convictions, its voice!

Its support service for companies that would like to reach this goal within their business

I prefer the .org for the declaration of the charter and the .com for offering audit services, if we do that kind of thing (see below)

Companies or organizations could use our services to assert that their business conforms in its practices to the "ethical programmer" certification. Individuals could also pass this certification. This would be a significant source of income and would be a sign of success.

  • Organize brainstorms
  • Talk about the project at the hackerspace / motivate people - In progress
  • Collect as many ideas as possible
  • Start thinking about a system for sorting/voting on these ideas, and debates to decide what to include or not.
  • Perhaps create a decision board for the project
  • Set up a Trello if several of us are working on it
  • Rewrite the document in English for accessibility - In progress
  • Find a logo/visual identity - In progress
  • Write a landing page for ethicalprogrammer.org

CFP

It would be good to respond to the CFP of https://sessionize.com/dev-day-2018/ and get a talk to speak about our project.

  • Manu404
  • Radislav
  • Jean-Henri
  • HTux

Licence for this document

Copyright © [2008] [LGHS].

 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.2
 or any later version published by the Free Software Foundation;
 with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
 Texts.  A copy of the license is included in the section entitled "GNU
 Free Documentation License".
 
 
