By Alejandro Hernandez & Anna Krolikowsk
In 1846, the rate of women who died shortly after giving birth in a hospital in Vienna was higher in the physician’s clinic than in the midwives’ ward. Doctors attributed the deaths to random cases of childbed fever. That was until Ignaz Semmelweis, assistant professor at John Hopkins School of Public Health, noticed that physicians conducted autopsies early in the morning and then attended labors. Although this was two decades before the discovery of bacteria, Semmelweis made the point that physicians could transmit “cadaverous particles” and needed to wash their hands before attending to women. After clinics adopted protocols for washing their hands, women stopped contracting the fever and the death rate fell dramatically.
Clean environments, good protocols, and professional standards saved lives. Today, the same goes for the tech industry. In particular with good software coding practices. Unlike the medical realm, software development today lacks global standardized practices. If left unattended, this issue of coding malpractice could result in future tech catastrophes that can cost money to private companies and affect national infrastructure. Energy grids, water supply, transportation networks, and communication systems are increasingly automated and thus require good coding practices to prevent security vulnerabilities and errors that can put lives at risk.
To better understand the issue of good coding practices, I collaborated with Anna Krolikowski of Southwestern University and a software developer at itt/SourceTech, to explore the options from software development and policy perspectives.
Good code is code that is easily changed, which is generally achieved through testing and readability. Just like a car manufacturer runs safety tests on the vehicles it produces, good code is thoroughly tested to ensure it performs as expected. Tests are an effective way to prevent code changes from producing unexpected side effects, or “bugs.”
For example, readable code allows the code to be modified more efficiently by other developers. Modifying poorly written code is like trying to edit a paper by someone with bad handwriting. Half the challenge is figuring out what you are reading, creating the risk of misunderstanding what you are changing. Well-written code is easy to understand and thus easy to change. Additionally, responsible developers typically work within a system that supports fast delivery, speedy recovery from errors, and frequent feedback. This system is commonly referred to as DevOps. Implementing DevOps is akin to ensuring that a doctor is operating in a clean environment with high-quality tools.
The speed at which software developers can safely create new features, websites, and applications is dependent on their ability to clearly understand the code they are working with and modify it without fear of creating bugs that cause problems. Unfortunately, while the above standards are encouraged in the industry, they are rarely enforced. The end product may be code that works—or appears to work—but there is no guarantee that the code is well-written and tested.
Having software development standards is important because coding is all around us. We depend on software for our daily lives, either for communicating with each other, for our daily jobs, or how we search for information online. More importantly, health systems, financial networks, and our infrastructure depend on good, clean code. As more tools emerge, coding will become easier, more intuitive, and accessible. Take ChatGPT for example and how educators and employers will adapt to it. While it is still very limited for creating written prompts, it is highly effective in writing code—after all, code is its native tongue.
As coding becomes more accessible and relevant for employers—just like knowing your way around Excel and Word is now a requirement in most jobs—the more we need to set standards. How do we set good practices? We propose education, policy understanding, and enforcement, along with advocacy from software developers.
Sadly, the first instinct of policymakers is to ignore new tech problems until they are required to react, and then they implement regulation that seldom works. An example has been social media and privacy laws, as well as TikTok and its security concerns. A Congress of the 20th century does not seem ready for the 21st But it can still learn from the past. In the early 1900s, as more schools offered medical training, a group of experts decided to advocate for good, ethical, and practical standards in medical education. Their evaluation resulted in the Flexner Report, named after one of the advocates, which prompted both the U.S. and Canada to reform their medical education to create good standards for medical practices and teaching.
Policymakers should follow the example of the Flexner Report and push for good coding practices. A growing number of countries are already implementing regulations for software, especially on healthcare apps. Their approach has been to standardize the minimum requirements proposed by developers. There are also examples in other industries. From journalism to media, all the way to construction, standards separate the reliable from the dangerous. Policymakers need to stop looking at software development as something of the future and realize it is a critical piece of our present.
Some in the developer community, like Robert “Uncle Bob” Martin, an engineer known for the SOLID software principles, are already advocating for standards. Yet policymakers must support such efforts because they have the leverage and authority to enforce standards. Establishing good coding practices, however, must include a diverse perspective. In an industry that historically lacked diversity, new standards should not create additional obstacles for minorities hoping to enter the field.
Creating standards and supporting policies that enforce good coding practices is a way that policymakers can prevent future tech catastrophes. International institutions, along with federal and private banks, redesigned lending standards after the 2007 financial crisis to ensure financial catastrophe of that magnitude does not happen again. Had those standards been in place before, the world might have avoided the crisis in the first place. Now is the chance for developers and policy experts to prevent a future tech catastrophe.