
After seeing the amount of shoddy, insecure, dangerous code that gets shipped into production at a supposedly high-quality code shop, I've become increasingly of a mind that software engineers need to professionalize. I try to project a professional ethic in the workplace of not shipping broken or harmful shit, which extends to refusing to cut corners on testing, automation, and maintainability.

I think it's important that I exercise professional integrity because I personally have the luxury of being able to afford being fired. If I lose my job because I refuse to do something, nothing bad will happen to me:

- I am a citizen in my country of residence (can't lose green card / etc.)

- I have a deep financial safety net

- I live in an area with high demand for my skills (if I spent more than a month looking for a job I would be shocked).

Not everyone is in this position. I respect that, so I'd like to use my privilege to make it more of a professional norm.

I think not shipping shit extends to everything from the obviously immoral to code that will hurt the customer (or their customers) because it is insecure or unmaintainable.




Here's the question, though. By professionalization, does that mean that only members who have a CS degree can get a job? Does that mean that we have to carry insurance? What does that mean for access to compilers -- is it illegal for anyone but a certified professional to put up a website? How big does it have to be before it has to have certified developers?


All good questions. What I have in mind in the short term is much more in line with the ACM doc linked below by nullc.

The idea of a professional degree has crossed my mind. There's enough of a gap in knowledge and ability required to transition from writing static web content to writing high quality (maintainable, operationally sound, scalable) enterprise backend code that it starts to look like a paralegal/lawyer, LPN vs. RN, etc. distinction. The difference is that the public has little interest in regulating engineers, but it does have an interest in regulating lawyers and nurses.

I'm personally deeply suspicious of degrees. I'm returning to school to get a professional masters in CSCI, but the program explicitly requires work experience as a prerequisite for entry (which seems like a no-brainer to me). It also has a high price, which is not something I would foist on the community.

I don't think "programming" should ever be tied to professional institutions as such (much less academic computer science). It has strong roots in free, open-source, decentralized, hacker-minded culture, and I don't think we should ever give that up.

So I guess I'm of two minds about the idea of a professional engineering degree. On the one hand it would help raise expectations about professionalism and accountability in software, which seem pitifully low right now, and on the other hand, it seems like a path no one in their right mind would want to go down.


I'm pretty scared about how this would happen.

My ideal would be something like the actuarial exams. You start with exams on math, calculus, linear algebra, DEs, probability theory, numerical analysis, and so forth. Eventually it moves on to more industry specific exams. There are quite a few, different levels to pass.

It is highly rigorous, but one very key feature of all this is that you don't have a specifically prescribed academic path. There isn't a situation like law school, where aspiring professionals are essentially forced to spend $120k+ on tuition to join the profession. You can major in math, I think that's most common, and graduate degrees are not unusual either, but you can major in a related field or, as far as I understand, just study math really hard on your own. You are free to decide how to prepare.

Looking at these tests, I can't possibly imagine that anyone who can pass hasn't learned very rigorous coursework.

Something like this could work for programming. We could set up a series of exams, similar to the actuarial math exams, but covering the essential CS work (another bonus: we could do this once, and it would be graded consistently and fairly, rather than being subjected to repeated "interviews" where we are randomly quizzed on data structures every time we apply for a new job). As it moves on, it might get to more industry specific things.

CS would be an advantage, sure, but a math major who has taken some CS and plugs the gaps through self-study would be perfectly free to join the profession. This is essential, in my opinion, it's very important not to allow a cartel like the law schools to take over. That would be extremely harmful.

I'm sure I haven't thought it all through, but this seems to be the most promising approach.

Oh, and lastly, it's not engineering! The licensing bodies for professional engineers are honorable organizations that have no domain over software, no more than they do over actuarial work. Software is its own thing, it isn't engineering.


It's good for programmers to be competent. But what about those who are competent but still cut corners? I'm all for training unless it becomes a requirement which you absolutely need to get a job.


For starters we could do without total lack of responsibility.

Real engineers can be sued and lose if they signed off on something.

In software? Almost every EULA comes with "We assume no responsibility for anything, anywhere, ever"


Here's how I would do it:

No degree, but rather a programmer publicly signs off on his code, and gets both credit and blame for it.

Anyone who wants can register for a programmer ID (in practice a public key). There is no test, just an administration fee.

When you write code you sign off on it, perhaps with some accompanying text describing what parts you worked on.

No more anonymous code shipped by a company entity, instead do it like how movies are done: Every single person gets credit (including QA and administration), every tool used gets credit.


Interesting idea, but...

Seems like a great way for company bosses to say "nah, we didn't know about this, the rogue programmer there made the decision".

Unless you have some way to also blame the management responsible for deciding such a design should be implemented.


> Unless you have some way to also blame the management responsible for deciding such a design should be implemented.

Their name is on it as well, with text describing what they approved.


Well, that makes it a lot better then. Nice to know this issue was considered in some form.


This happens to various degrees in the clinical research industry, depending upon the nature of the work (partly thanks to 21 CFR Part 11!). Several years ago I worked in data management on a maintenance team for clinical trial databases.

Company-wide, there was a rigid system in place that captured electronic signatures as change requests were documented, code was modified, and tests were completed.

Anything that was done flowed through at least those three distinct groups (data team lead, maintenance programmer, & QA). We could easily tell how a study's database had been modified in the past (including who had requested the change, who programmed the change, and who tested the change)...there was always an expectation that every i was dotted, t was crossed (or semicolon was in place) before anyone signed off on their work since it would permanently enter the record and couldn't be erased.


Sounds dangerous - mistakes happen - will I get thrown under the bus by the media if a bug in my code causes an accident that no QA process could have reasonably picked up on?


Yes, that will happen.

Consider an analogous situation: You made a mistake designing a building. Should you be able to shrug it off as "mistakes happen"?

This has actually happened in the real world with buildings, and when it does, if you are responsible and work diligently to correct the problem, people are understanding.

Do the same here.


I'm not saying you should shrug it off - I'm saying you shouldn't have your life ruined over a mistake in some code you wrote.

I'm yet to see a building collapse around me in my city - I see software fail all the time though - I think we are better at building tall buildings than we are building software.


Or, it might be the exact opposite: For a building the engineer and builders are required to take personal responsibility.

Not so for software.

Perhaps if you change that, software might change.


Nothing would ever get built if individual devs were held liable by the public.

The liability sits with your employer.


Sorta. The basis for your concern underlines one of the problems. When such gaffes happen in engineering, the firm is blamed. Within the firm, individual actors are blamed. In software, on the other hand, your major system might have responsibility for a critical system spread across a total of 1 persons, so he gets all the blame. Is that really okay for one hip-shooter to take this on in the first place?


Doctors have malpractice insurance, paid for by their employers. Also, from what I've read, the malpractice insurance companies are largely doctor-owned.


As a contractor - I had insurance to cover me up to a million pounds.

As a full time employee, the liability falls on my employer.


Either the key can be replicated easily without signing, or there is the probability of an overlap between different keys. Either way there is the probability for forgery.


I suspect that if we wanted to require a formal degree pursuant to licensure for software development (not to mention installation and operation of computers and software), that degree doesn't exist today. The closest thing might be electrical engineering.

We don't even know what computers or software would look like under such a scenario.


> Not everyone is in this position. I respect that, so I'd like to use my privilege to make it more of a professional norm.

Exactly. It's the job of senior and experienced developers to set the culture and transfer knowledge. Including: "We don't do that. Here's why."



The same ACM that didn't care about a well-known security hole at a contractor's site - affecting thousands of scientists - for several years [1]?

The same ACM that calls verbatim plagiarism "sloppy scholarship" [2]?

The same ACM that doesn't seem to have an official position on excessive state surveillance [3]?

I am no longer a member.

[1] https://raphaelwimmer.wordpress.com/2011/09/07/sheridan-secu...

[2] https://raphaelwimmer.wordpress.com/2016/12/20/acm-ethics-pl...

[3] http://www.acm.org/public-policy/public-policy-statements (in contrast, the German Chapter of the ACM / Gesellschaft für Informatik has condemned excessive surveillance multiple times in the past)


Do you disagree with the content of the standards posted, or with the professional ethos of the ACM? There's a substantive distinction to be made there.


I like the Code of Ethics. I have trouble with ACM's handling of ethical issues. With my comment I more or less wanted to point out the difference between both but should have elaborated on this.


ACM could be satan incarnate and still give useful advice on professional ethics for software engineers.

AFAICT no link given in the comments here so far comes anywhere close to the ACM page in terms of providing broad but concrete advice.


Indeed. I should have clarified this in my comment instead of just ranting.

The ACM Code of Ethics is important. It was one of the reasons I joined ACM. However, (IMHO) ACM [1] has not necessarily practiced what it preaches in the past.

Given that much of the discussion in this thread is about unions and professional organizations, I wanted to clarify that ACM might not be the best organization to join if you are concerned about ethics.

[1] I'm talking about its administration and committees, not its members. There are quite a few highly ethical and motivated people in the SIGs.


If you lose your job because you are asked to do something illegal, can you sue? Do you know about that? If you can afford not having a job, maybe you can afford a lawyer. If it's possible and affordable I think doing that would help give more power to people who can't easily afford to lose their jobs.


Established professions have unions and indeed entire libraries of case-law for this that are, at least by report in Australia, very highly effective.


Good idea. Wishing that would be common in Programming as well.


> If you lose your job because you are asked to do something illegal, can you sue?

It all depends on what you can prove - which is the hardest part.


This is the second step though. There are lots of things you can't sue despite feeling you should, or they can sue you back for a much bigger payout.


You assume that programmers are asked to ship shit code. I'd argue most shit code gets shipped by programmers who don't know any better.



