Asking When: Ethics in the Product Development Process Part 3
June 23, 2020
So, we’re back! If you caught my last piece, I spoke about ethical perspectives to bring into your solution architecture (including but not limited to technical research). Of course, all of this is easier said than done. Particularly when moving into back-end implementation – and thinking about security and data – ethical challenges abound. But, as we all know delivery folks are busy. So very busy, sprinting in order to stay ahead, lest the competition release something first (that might be… shockingly similar). And, because of this never-ending sprint, clients can sometimes gloss over solving a problem that has an inherently unethical impact (ahem, Volkswagen, anyone?).
When doing back-end work, it can be easy not to bump the lamp (e.g., raise a red flag!) and just gloss over any security, authentication, authorization and storage no-no’s you might see. In fact, according to the 2018 Stack Overflow survey, writing unethical code is a grey area for a lot of developers.
Just because someone has decided that you’re going to build something, doesn’t mean you have to build something. At Connected, architects and those implementing are often one in the same. If you are working somewhere where that isn’t the case – and you’re just given directives of what to implement – then that doesn’t mean you can’t ask questions. At the end of the day, that’s really what being ethical is all about: trying to get enough context, and the right context so that you can make an informed decision. This is undoubtedly challenging. This is also less so about being a whistleblower (although, this is what a whistle blower policy can look like) but more about choosing to ask questions instead of only focusing on writing code to create a testable and predictable solution. Much like when designing your solution architecture, you need to think about the security and data of what you are building when you’re moving into feature level designs so that your product has your user’s wellbeing top of mind.
- As a practitioner, you should be staying up to date on security best practices like SQL injection, CSRF, etc. and understand how to use them. This course is part of an ethical hacking series and geared towards SQL injection understanding. And, here’s a rundown on generating CSRF tokens to prevent attacks.
- Of course, if you are building web-based platforms then there are tools that you can reach for in helping you check to see if your security practices are up to ‘snuff. People are always trying to break in, even if your product doesn’t seem hella interesting (data is gold, people). The OWASP Foundation has a roundup of tools for different platforms
- And, if you’re so inspired as to become the next great White Hat, there are courses you can take like this one from Station X
- While we are talking about hacking, let’s appreciate the fact that exposing holes should be celebrated, not an irritating mid-sprint recalibration you have to do
- And, keep basic data hygiene practices in mind. Don’t store plain text passwords. Or payment information. And don’t log any sensitive user information as plain text either. Just don’t.
- Another basic don’t do’s: Commit certifications, keys, passwords, tokens, etc. in the code repo.
- Be thoughtful about how you will be anonymizing your data (for reproducing production issues later on, or what have you)
- Of course, there are some important do’s: scrub sensitive information before logging! Crypt to store passwords! Use environmental variables to keep your secret keys safe! Etc., etc. At the end of the day, keeping your product secure for your audience = an ethical practice you can, and should do.
This article, like the previous one, isn’t supposed to be easy. Ethics are hard. And, ethics is a continuum, not a binary. The grey-ness indicated by the Stack Overflow survey isn’t altogether surprising. Some spaces in the product development process have such an exhausting amount of ethical resources and things to remember, it seems impossible to do so. But hopefully this list provides you with some new! useful! Information so you can start building more ethically in the future.
Stay tuned for the next part in this mini series: Creating the overall user experience (UX) of your product!
Thu Jun 23
Plugging In: How Going Remote-First Is Challenging Our Engineers to Collaborate More Deliberately
Going remote-first isn’t just giving our engineers the freedom to do their best work. It’s challenging them to define what and how they’ll achieve it, forcing them to work together more deliberately - in pairs and across projects. And that’s an excellent thing.
Fri Jun 17
Connector Spotlight: Ryan Lim
What does Ryan Lim, Director of Engineering, Practice, do outside of work? Most might know that he is occupied with video games, but you likely didn’t know that he’s also quite the handyman. While he’d describe himself as chill, curious, and creative, knowing that he can renovate floors, tile, drywall, electrical and plumbing, we’d also like to add capable to that list. Whether it’s letting his imagination flow while working on a project or playing with his favourite stackable blocks (can you guess what his favourite product is?), rest assured that the only vendetta from Ryan you need to worry about is in a movie. Discover more about Ryan in this week’s Connector Spotlight!