Those of us in the development testing business rarely show restraint when news of a software failure makes big headlines. It’s bad enough that these organizations take a PR beating, but to kick them while they’re down to hawk our wares is uncouth at best. We’re not first in line, nor will we be last, but we’re taking our turn just the same.

Delta’s legal turbulence
An already fragile airline industry took another hit when California Attorney General Kamala Harris filed a lawsuit against Delta Airlines for failing to comply with the state’s Online Privacy Protection Act. The lawsuit is in regard to the Atlanta-based company’s mobile phone app, which is required to post a conspicuous privacy policy that informs app users of what personal information is collected and how it will be used.

In this particular case, Delta is lucky. Aside from the bad publicity and the small amount of work to update the app, Delta will likely incur minimal damages from the infraction. Had there been a problem with one of the core features that could result in real damages, such as the “pay for checked bags” feature, the airline might have had a bigger problem on its hands.

Honest mistake? Maybe
We’re not here to judge Delta, or any other company for that matter. We’re only talking about this snafu to make a point: that developers are making business decisions every day, and that these decisions carry real consequences. Their code determines the safety, security, performance and reliability of the software that drives the business, giving them the power to introduce or minimize risks. By allowing developers to make critical business decisions related to the software, managers, directors and C-level executives have delegated to them an extraordinarily high level of business responsibility. Developer decisions directly affect immediate or future success, growth, damages or liabilities, as well as the stability of business leadership positions.

This is a classic example of what can happen when developers are left to make business decisions. This is not a knock on developers. We love developers. Making sure that legal standards are met should be the job of the legal department. The development team was probably just excited to get their product out into the market and simply forgot to include the privacy policy. There are ways to align software developer decisions with business expectations, but that’s a topic for another day.

The point is that in the absence of a clearly defined policy that sets expectations on how software is to be designed and developed, developers are left to fill in certain business-related blanks. In most cases, this isn’t the developers’ strong suit. Other mobile app makers may want to take note and implement a policy that requires legal to review their products to ensure compliance with applicable laws. Better yet, why not automate this process in the development stage when the cost of addressing issues is at its lowest?

Changing technology calls for changing practices
The software development world is facing multiple disruptive technologies. The move to cloud-based software, agile development, and the rapidly growing mobile market are just some of the emerging trends for which we must account. These technologies stoke up the fire of concerns that have faced software developers for some time. How do you ensure that the software is safe, secure, reliable, performs well, complies with regulations, and so on?

Without creating policies to ensure that development practices and business expectations are aligned, we are in danger of making the same mistake over and over. Changing technology means new threats and a shift in how we overcome classic problems. And our ideas of how we evolve software must also change.  

Wayne Ariola is VP of Strategy at Parasoft, which sells tools for implementing policy-driven software development.