A Review of How Whistleblowing is Studied in Software Engineering, and the Implications for Research and Practice

Hunt, Lucy and Ferrario, Maria (2022) A Review of How Whistleblowing is Studied in Software Engineering, and the Implications for Research and Practice. In: 2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS) :. IEEE/ACM, pp. 12-23. ISBN 9781665495950

Text (A Review of How Whistleblowing is Studied in Software Engineering)
ICSE-SEISWBinSE.pdf - Published Version
Available under License Creative Commons Attribution.
Download (665kB)

Abstract

Harmful software has resulted in loss of life, societal and environmental damage alongside economic losses from fines and sales embargoes. When someone perceives their team or organisation is creating or operating harmful software (e.g., defective, vulnerable, malicious or illegal), one way to attempt to change the situation is to "blow the whistle" and disclose the situation internally or externally. Studying harmful situations and the effectiveness of interventions, up to and including whistleblowing, can help identify technical and human successes and failings in software engineering (SE). The aim of this paper is to explore the extent to which whistleblowing is studied in SE with the objective of identifying themes, research approaches, gaps and concerns, and the implications for future SE research and practice. We find that whistleblowing is an under-explored area of SE research, and where research exists, it often takes the view that reporting harm is a matter of individual moral responsibility; we argue this poorly reflects SE collaborative practice where professional responsibilities are distributed across the software development lifecycle. We conclude by 1) recommending approaches that can help a more timely identification and mitigation of harm in SE; 2) suggesting mechanisms for improving the effectiveness and the personal safety of harm-reporting in SE, and 3) reflecting on the role that professional bodies can have in supporting harm reporting, up to and including whistleblowing.