(UN)Ethical Software Engineering : A critical review about Software Engineering in face of Security Requirements in the IoT/ IoE Society

摘要

Due to the advent of the Internet, software is literally everywhere. This omnipresence of software may impact people‘s lives in such a way that Software Engineering has reached a level of importance without precedence. Although important, it seems, as a result from real world data analysis, that some practices in Software Engineering may reveal an unethical face that unfolds when considered the disregard of a special kind of non-functional requirements (Security Requirements) and the approach of conditioning software use to the acceptance of abusive documents in which all developers‘ responsibility for hazards and failures related to software are excluded. The focus of this paper, as a result of an exploratory inquiry based on multiple data gathering (pentesting, observation of software development teams, interviews, survey and documental analysis), is discussing the present relevance of Security Requirements at contemporary societies, as well as the questionable practices of not considering it in software requirements elicitation/ prioritization and the simultaneous conditioning of software use to the acceptance of disregard responsibility clauses in End-User License Agreements and Terms of Services. Results suggest that: a) software insecurity is everywhere, affecting all of the layers of systems and software of several niches; b) insecurity is evident from the great amount of security vulnerabilities found out in software; c) multiple factors contribute to insecurity in software (insufficient developers‘ knowledge about Security, neglection of security requirements, and omissions in undergraduate courses curricula, e.g.); d) not considering security requirements in nowadays society is unethical; e) it is not appropriate the attitude of part of the Software Industry, that neglects security requirements and, at the same time, tries to hide itself behind EULAs and ToSs filled with responsibility and liability limitation/ exclusion clauses; f) liability and responsibility exclusion/ limitation clauses, as abusive and unethical conditions, shall be suppressed from EULAs and ToSs; g) Software Industry and developers in general shall recognize they are not behaving well and begin doing the right thing from scratch (taking real care for quality and Security Requirements); h) it is time for a change in Software Industry and this change is urgent because inertia, in this case, may favor professional licensing and external regulation initiatives, measures that, obviously, may not be interesting to all the actors involved in software production; i) it is the time for Ethical Software Engineering.