Three quarters of software engineers face retaliation for whistleblowing

Three quarters of software engineers reporting wrongdoing in their workplace have faced some kind of retaliation, according to a study.

The report by market research firm Survation found slightly more than half (53 percent) of the 280 software engineers questioned suspected wrongdoing at work, while 75 percent of these individuals experienced retaliation the last time they reported such issues to their employers. If they chose not to report wrongdoing, fear of retaliation from management was reported as the top reason (59 percent).

For polling purposes, the research defined wrongdoing as breaching professional standards, negligence, bribery, fraud, criminal activity, miscarriages of justice, health and safety risks, damage to the environment or breaching legal obligations, including discrimination – or deliberately concealing such matters.

British computer scientist Junade Ali, a chartered engineer and fellow of the Institute for Engineering and Technology, was principal investigator for the "Dark Side of Software Development" study.

It revealed good reason for software engineers to be able to raise the alarm when they see potential failures in systems or approaches to engineering. For example, an inquiry is still ongoing into the UK's Post Office Horizon IT system disaster, in which employees were wrongfully convicted of fraud for issues caused by software errors that spanned a period over 20 years.

The flaws in that system created "shortfalls" in the sub-postmasters' accounts which did not actually exist. Over 600 prosecutions over "miscalculations" have taken place, and scores of convictions overturned – but not before some of the defendants suffered bankruptcy and at least two subpostmasters committed suicide. One of them took his life after the Post Office said he owed the branch he worked for hundreds of thousands of pounds.

Developments in AI and the collapse of FTX cryptocurrency exchange also emphasize the need for transparency, the report argued.

Dr Ali said: "Recent developments demonstrate the fundamental importance of software engineers being free to raise the alarm when they become aware of potential wrongdoing; unfortunately our research has highlighted that software engineers are not sufficiently protected when they need to do so. From software engineers facing mass retaliation for speaking up and banned gagging clauses still being used, to 'industry-standard' software development metrics not considering the public's risk appetite; this investigation has highlighted systematic and profound issues with society-wide impact, given how integral computers are to all our lives."

• FTX crypto-villain Sam Bankman-Fried convicted on all charges
• SBF on trial: The Python code that allegedly let Alameda hedge fund spend people's FTX deposits
• Post Office Horizon Inquiry calls for compensation to be brought forward
• Parliament demands to know the score with Fujitsu as Post Office Horizon scandal gets inquiry with legal teeth

He added: "Our investigation has shown a tendency for problems to be swept below the rug until they reach boiling point rather than addressed. This is neither compassionate nor honest for those involved."

As well as the risk of retaliation, the study found that one in six software engineers feel unable to express ideas or concerns, speak up with questions, or admit to mistakes without fear of negative consequences. Nearly one in four software engineers said they were unable to take calculated risks for fear of the consequences.

Professional bodies also define standards for reporting risk. For example, the Institution of Engineering and Technology's Code of Conduct says that engineers are responsible for ensuring that anyone who overrules their advice understands the associated risks and, when appropriate, for informing the employer of those risks.®