Building Socio-technical resilience in software development: experiences from The Motivating Jenny Project (Fireside chat with Helen Sharp)
Building Socio-technical Resilience in Software Development: Experiences from The Motivating Jenny Project
A Fireside Chat with Helen Sharp
Shalini Urs
Software, software everywhere!
Software is everywhere and drives every part of everything we do. The software makes our everyday work easier and simplifies our daily lives. So it is easy to understand their dominance in today’s software-driven world—from NASA’s James Webb Telescope to handheld devices that we are glued into. The software appears to be firmly in the driver’s seat, pervading every aspect of human life—communication, entertainment, health, economy, industry, politics, education, and science. From modeling the spread of COVID to tracking your Amazon delivery, our life is dominated by software.
What about the people and communities that develop software? Have you ever wondered about the people and communities behind the software? Have you been intrigued by the socio-technological realities surrounding everyday software development practice? What motivates developers to build secure software? What kind of community dynamics run behind software development?
Building Socio-technical Resilience in Software Development: Experiences from The Motivating Jenny Project
A Fireside Chat with Helen Sharp
Shalini Urs
Software, software everywhere!
Software is everywhere and drives every part of everything we do. The software makes our everyday work easier and simplifies our daily lives. So it is easy to understand their dominance in today’s software-driven world—from NASA’s James Webb Telescope to handheld devices that we are glued into. The software appears to be firmly in the driver’s seat, pervading every aspect of human life—communication, entertainment, health, economy, industry, politics, education, and science. From modeling the spread of COVID to tracking your Amazon delivery, our life is dominated by software.
What about the people and communities that develop software? Have you ever wondered about the people and communities behind the software? Have you been intrigued by the socio-technological realities surrounding everyday software development practice? What motivates developers to build secure software? What kind of community dynamics run behind software development?
—What kind of community dynamics run behind software development?—
Socio-technical Systems
Software systems are not isolated but socio-technical systems (STS) that are components of broader systems with a human, social or organizational purpose. Socio-technical systems are large-scale systems that include but are not limited to software and hardware but also people, processes, and organizational policies. Socio-technical systems are composed of several independent systems, often called “systems of systems.” The boundaries of a socio-technical system are subjective rather than objective: different people see the system differently.
The foundation of STSs is general systems theory (GST) —a science investigating general laws for arbitrarily complex arrangements—”systems”—constituting functional integrities (Von Bertalanffy, 1972). The origin of GST is credited to eminent Austrian biologist and philosopher Ludwig von Bertalanffy (1901–71) with the publication in 1928 of a seminal book titled Kritische Theorie der Formbildung. Systems theory has played a vital role in contemporary science in the information era. According to GST, all “systems,” regardless of their disciplinary domain, share some essential similarities in their underlying structure. They also exhibit common behavioral patterns, such as statistical constancy, growth and decay trends, and rhythmic or oscillatory behavior (Hofkirchner & Schafranek, 2011).
Software development is creating artificial systems by humans to get hardware to work for people and organizations according to well-defined processes and policies. They comprise technical parts concerning systems engineering issues and human and organizational parts concerning medical and social sciences issues.
Software engineering is a highly social-intensive activity. Teams of engineers develop software, and these teams are diverse and across borders. Beyond the technical aspects extensively studied in this field, there is a diversity of human and social aspects that may affect the performance of software engineers at work (França, 2014). Furthermore, studies of human and social aspects of software development are few and far between. Furthermore, these studies are to be anchored on theories that underpin them. For a deeper insight into software development’s human/social dynamics, studies are to be framed with a broader theory of human behavior. STS studies apply an understanding of social structures, roles, and rights (the social sciences) to inform the design of systems that involve communities of people and technology.
Ethnographic studies of software engineering
Ethnography is a qualitative research method broadly adopted in disciplines outside software engineering to study people and cultures. By adopting a cultural lens to observe and interpret events, actions, and behaviors, ensuring that they are placed in a relevant and meaningful context, it is possible to capture and analyze software development practices (Passos et al., 2012). It can help to uncover not only what practitioners do but also why they do it. Ethnographic studies of software development help build better software by informing the design of software engineering tools and helping improve the method and process development.
Despite its promise, ethnographic studies of software engineering have received little attention, and Sharp et al. (2016) make a compelling case by presenting a set of dimensions that position ethnography as a practical and usable approach to empirical software engineering research.
Socio-technical Resilience
Post-pandemic, the word resilience has been an overused term. Despite our bored reaction to this term, it reflects a much-needed⎯ ability to recover from or adjust easily to adversity or change. As people, organizations, and societies across the globe continue to deal with the fallout from the pandemic; building resilience has become the name of the game this year. Socio-technical resilience refers to the ability of systems to recover following a shock/disruption/disaster. While this ability is present for many systems, its manifestation for many socio-technical systems is a challenge as STS are a particular class of systems that consist of hybrid entities: intentional agents and material technologies.
Amir and Kant (2018) conceptualize socio-technical resilience by employing an interdisciplinary perspective derived from the fields of science and technology studies, human factors, safety science, organizational studies, and systems engineering. Given the hybrid nature of socio-technical systems, they frame socio-technical resilience as undergirded by the notion of transformability with an emphasis on planned activities, focusing on the ability of socio-technical systems to shift from one form to another in the aftermath of shock and disturbance. According to them, the triad of relations, structures, and practices are fundamental aspects required to comprehend the resilience of socio-technical systems during times of crisis.
Lessons from Motivating Jenny Project: Helen Sharp
Software security makes the headlines regularly. Moreover, people, including researchers, vex over and try to understand why we still have these breaches caused by common vulnerabilities, and there are always calls for developers to do more. However, studies that examine developers’ points of view of security features in the day-to-day work of a development team are sparse. There have been ethnographic studies of professional developers in physical and virtual settings, using motivation theory as a framework. These studies have focused on community and culture’s role in secure coding. The Motivating Jenny to Write Secure Software: Community and Culture of Coding project (2017-2020) investigated how to initiate and sustain secure software culture, building upon frameworks of personal motivation and team culture.
Listen to this episode of InfoFire, where Dr. Helen Sharp, Professor of Software Engineering, School of Computing and Communications, the Open University, UK., shares her experiences and research based on the “Motivating Jenny” project.
In this fireside chat, Helen shares her motivation for transitioning towards ethnographic studies and wearing the cultural lens to understand the human side of software engineering. Given her early work in human interaction and coauthoring a well-known textbook on “Interaction Design: Beyond Human-Computer Interaction,” the shift towards ethnographic studies is natural.
Motivating Jenny and STRIDE projects
The Motivating Jenny to Write Secure Software: Community and Culture of Coding project (2017-2020) is a joint project between The Open University and Exeter University and a sister project of the EPSRC-funded Why Johnny does not write secure software? Secure Software Development by the masses.
Currently, Helen spearheads a £1 million project called STRIDE (socio-technical resilience in software development project), funded by the Engineering and Physical Sciences Research Council (EPSRC), to change the software engineering culture. The Open University team works with Lancaster University and the Software Sustainability Institute (including research software engineers) to bring a social psychology view to this area.
Motivation theories and empirical software engineering studies
Helen and her team frame their research studies on two well-known theories: Teresa Amabile’s The Progress Principle and Edgar Schein’s Career Anchors. In their book The Progress Principle. Teresa Amabile and Steven Kramer describe the secret behind truly productive people. The forward momentum in meaningful work progress creates the best inner work lives. The Progress Loop plays a central role. A positive inner-work life leads to higher performance in terms of creativity, productivity, engagement, and collegiality. This, in turn, leads to the progress of meaningful work.
Using theory drawn from information security and motivation research in software engineering, Lopez et al. (2022) characterize key ways in which individual developers form security responses to meet the demands of particular circumstances, providing a framework managers and teams can use to recognize, understand and alter security activity in their environments
Edgar Schein, a founder of modern organizational psychology, theorizes that every one of us has a particular orientation towards work. Consequently, we all approach our work with a set of priorities and certain values, which he termed ‘Career Anchors,’ representing a combination of perceived career competence and including talents, motives, values, and attitudes that give stability and direction to a person’s career. Career Anchors help an individual conceptualize his own perceived career.
Building a Community and Culture of Coding Secure Software
According to Helen, socio-technical resilience is a very slippery concept. For this conversation, she ventured to define it as the ability of a socio-technical system to remain stable enough to operate safely in the face of change. The environment around software development is constantly changing. People change policies, and user requirements change, outpacing hackers’ knowledge and such. So the notion of remaining stable enough to operate safely in that context is not just about large events; it is about day-to-day things. While the technical aspects are enormous, the human and community aspect of software development is significant too. All the quirks, specialties, and wonderful things about humans also come through in software development. You have got people supporting each other through a social connection across the communities. There is quite a lot of social influence in software development. If you look at something like Stack Overflow, many developers seek help and support. It is common for developers to find bits of code, pick them up, and then use them in their work, having tested it and carefully made sure that it does what they wanted. Communities can be pretty influential because if enough people pick up the same bit of code to use, it will become more popular within the community and usable widely. So there are the social and community sides that underpin the technical side of things as well.
Drawing upon Amabile’s Progress Principle, which says that knowledge workers, including software developers, are motivated by making progress, Helen and the team found that while the progress principle appears to be pretty simple and yet quite powerful. Moreover, software practitioners recognize this and agree. The Progress Principle and Edgar Schein’s Career Anchors, together with the work they had done previously, allowed them to identify a set of internal and external factors that influences behavior within software development. The Motivating Jenny project ended up with an empirically grounded view of what security looks like from the developers’ point of view. It quickly became apparent that motivating developers to write secure code was not the right question because the situation was much more complicated. The ground realities of coding secure software were different. The developers understood security; they followed the Overwatch lists, read articles, and researched. The rhetoric that developers just are not doing what they are supposed to be doing is misconstrued. The factors affecting secure software development were different.
Helen elaborates that ethnographic studies try to understand the individual’s point of view, which is the software developer’s point of view. So they were able to develop this empirically grounded view of security. At the core of this was a set of responses that an individual may have when they come up against some situation involving security. The project identified five elements, and Helen explicates three of them in this interview as examples.: worry, guide, and direct. First, what they call the “worry” scenario is a situation when a developer is aware that a design choice that’s been made has poor security implications but is not empowered to change that decision either because someone higher up in the hierarchy or one of the clients has insisted otherwise. So the engineer cannot do anything but worry about it. The Second scenario is what they call a “guide.” This response is when an issue crops for one developer, another team member who has had previous experiences steps in and guides. Finally, the third scenario is what they call “direct.” Direct is where an engineer actively engages in a security issue, gets interested, researches—looks up forums, and tries to work through and deal with it. Moreover, they can use their research to develop software if empowered.
So, there is more to software development than just coding. As Amir and Kant (2012) note, the triad of relations, structures, and practices is fundamental to understanding socio-technical resilience. Learn about them in this fireside chat with Helen Sharp.
References
Amabile, T., & Kramer, S. (2011). The progress principle: Using small wins to ignite joy, engagement, and creativity at work. Harvard Business Press.
Amir, S., & Kant, V. (2018). Sociotechnical resilience: A preliminary concept. Risk Analysis, 38(1), 8-16.
França, A. C. C. A Theory of Motivation and satisfaction of Software Engineers (Ph.D. Dissertation). Center for Informatics, Federal University of Pernambuco, Recife, 2014
Hofkirchner, W., & Schafranek, M. (2011). General system theory. In Philosophy of complex systems (pp. 177-194). North-Holland.
Lopez, T., Sharp, H., Tun, T., Bandara, A., Levine, M., & Nuseibeh, B. (2022). Security Responses in Software Development. ACM Transactions on Software Engineering and Methodology.
Passos, C., Cruzes, D. S., Dybå, T., & Mendonça, M. (2012, September). Challenges of applying ethnography to study software practices. In Proceedings of the 2012 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement (pp. 9-18). IEEE.
Sharp, H., Dittrich, Y., & De Souza, C. R. (2016). The role of ethnographic studies in empirical software engineering. IEEE Transactions on Software Engineering, 42(8), 786-804.
Von Bertalanffy, L. (1972). The history and status of general systems theory. Academy of management journal, 15(4), 407-426.
Cite this article in APA as: Urs, S. (2022, September 8). Building socio-technical resilience in software development: experiences from The Motivating Jenny Project. Information Matters, Vol. 2, Issue 9. https://informationmatters.org/2022/09/building-socio-technical-resilience-in-software-development-experiences-from-the-motivating-jenny-project-fireside-chat-with-helen-sharp/