Software vulnerability due to practical drift

Quantified Score

Visualization

Abstract

The proliferation of information and communication technologies (ICTs) into all aspects of life poses unique ethical challenges as our modern societies become increasingly dependent on the flawless operation of these technologies. As we increasingly entrust our privacy, our well-being and our lives to an ever greater number of computers we need to look more closely at the risks and ethical implications of these developments. By emphasising the vulnerability of software and the practice of professional software developers, we want to make clear the ethical aspects of producing potentially flawed software. This paper outlines some of the vulnerabilities associated with software systems and identifies a number of social and organisational factors affecting software developers and contributing to these vulnerabilities. Scott A. Snook's theory of practical drift is used as the basis for our analysis. We show that this theory, originally developed to explain the failure of a military organisation, can be used to understand how professional software developers "drift away" from procedures and processes designed to ensure quality and prevent software vulnerability. Based on interviews with software developers in two Norwegian companies we identify two areas where social factors compel software developers to drift away from a global set of rules constituting software development processes and methods. Issues of pleasure and control and difference in mental models contribute to an uncoupling from established practices designed to guarantee the reliability of software and thus diminish its vulnerability.