A survey of 280 software engineers conducted in October has reported that over half (53%) suspected that malpractices were occuring in the workplace.
Among the specific areas of wrongdoing mentioned include breaching professional standards, negligence, bribery, fraud, criminal activity, miscarriages of justice, health and safety risks, damage to the environment or breaching legal obligations, including discrimination – or deliberately concealing such matters.
The survey found that of the 116 who did report wrongdoing to their employers, 75% said that they faced retaliation, such as being denied a promotion or salary increase, harassment/bullying, being treated differently or being fired.
Computer scientist, Junade Ali, who produced the report, said: “There’s a lack of psychological safety. People don’t feel as if they’re able to speak up. This highlights the need for lasting oversight and systems of scrutiny.”
This, he said, avoids businesses relying on people needing to speak up where there is a culture that means it is rare to do so. Ali describes this as the “bystander effect”, where the software engineers accept that something is wrong, but stand back and let the wrongdoing go unreported.
Turning next to what matters most for software engineers, the study found that software engineers were most likely to say what mattered “to a great extent” about their jobs was being able to provide for them/their families (52%), delivering work that is highly reliable (51%) and keeping data secure (47%).
However, the poll found that 71% agree that software reliability at the workplace concerns them. A previous poll run in June 2021 found that the percentage of software engineers who were concerned about software reliability at work was 57%, illustrating a worsening situation over the past two years. The software engineers surveyed were least likely to say “delivering work quickly” (33%) was among their highest priorities.
Google’s DevOps Research and Assessment (Dora) is often used as a way for managers to measure the performance of individual software engineers in a team. According to Ali, while it may find some correlation with competence, these metrics do not measure what the public think is most important when it comes to computer systems or what software engineers, in their professional judgement, think is most important. The study noted that Dora does not take due regard for the changing tolerance in the balance of risk and reward in different industries or particular settings.
In The dark side of software development report, which is based on the survey results, Ali said that over optimising against these metrics, particularly when at the cost of what matters to society or where the professional judgement of software engineers directs, can introduce significant harm. He recommended that the use of the Dora “four key metrics” as a blanket measure of software delivery performance should be discontinued. Instead, Ali urged software team leaders and managers to use metrics that measure and risk indicators which are suitable for the risk/reward appetite in a given environment.
From his own experience of software teams, Ali has worked on research into developer burnout and has seen cases where certain members of a software engineering team are far more tolerant of risk than the rest of the team. He said: “This obviously puts pressure on the rest of the team who have to deal with instances where things have potentially moved too quickly.”