More than 40% of software developers admit they would consider taking a job where they write code that may be used for unethical purposes.

While this stat from Stack Overflow’s 2018 survey may alarm you, 4 out of 5 respondents consider software developers obligated to consider the ethics of their coding. Unethical behavior could lead to devastating consequences if not identified and prevented ahead of time. There are a number of situations where a developer could be involved in unethical activities, and I’ll go through the three most common situations right here and now.

Example 1: Developing malicious applications

A developer’s ethics are at risk is when they’re hired to create malicious applications, such as ones that steal private user data for unsolicited marketing or identify theft. In this scenario, the decision to create this type of software was likely made by senior management.

Unfortunately, developers caught in this kind of ethical dilemma can only resign if they want to uphold their ethical values. In addition, they should not feel fully responsible for the harm the software might cause, as all decisions were made by business executives. Stack Overflow’s recent survey found only 1 in 5 respondents believing the developer who wrote the software is ultimately responsible for unethical consequences.

Example 2: Limiting and reducing software performance

Another often-encountered situation is when developers create code that purposely limits functionality or reduces an application’s performance – forcing users to buy “more supported” software and hardware updates, newer versions of the product, or additional licenses. The decision to make this code is usually made at the product development or tactical planning level.

In a well-structured company, the developer facing this issue can usually trigger a whistleblower policy to notify senior management, protecting the developer against repercussions. These whistleblower policies empower employees, making them feel safe when reporting something potentially unscrupulous. As a matter of fact, Stack Overflow’s survey confirms that having a way to safely report unethical problems is important, as only 5% of respondents said they would not report issues as they arise.

Example 3: Creating unauthorized code

Lastly, the developer could create unauthorized code for a grassroots initiative. Often it’s a backdoor that bypasses normal authentications systems, giving third parties unauthorized access to data and confidential business processes.

Developers often plant a backdoor to keep their access rights after their contract terminates, once they change jobs, or as a safeguard if they are worried of being let go. Placing the backdoor can be financially motivated – when a competitor spy infiltrates the system – or fueled by personal reasons, i.e. using blackmail or getting even. Sometimes this code even takes the form of a ticking time bomb, driving the system to halt or make operations difficult at an opportune time.

While these unethical situations may concern you, rest assured they can be prevented. Luxoft’s InfoSec team specializes in identifying and resolving unethical coding. In my next blog, I’ll outline how unethical behavior can affect a business and what you can do to protect your organization.

In the meantime, be sure to check out my previous blogs and see how Luxoft can help you. Stay tuned!

Marcin Swiety
InfoSec Director, Luxoft Digital
Marcin Swiety
A seasoned Information Security professional dedicated to business and delivery management in cybersecurity space. He has built and managed internal and external Information Security Services in areas like Data Center, Infrastructure, Network, Outsourcing and Software. He is a white-hat expert and decorated cybersecurity veteran, holder of CISSP, CISM, CISA, CEH, WCSD and ITIL certifications. He is passionate about how InfoSec can play a business enabler role for the digital transformation era.