Software Engineering Body of Knowledge (v3) (2014) (811503), page 54
Rights to software engineering assets—products, innovations, inventions, discoveries, and ideas—may reside with the employer or customer, either under explicit contract terms or relevant laws, if those assets are obtained during the term of the software engineer’s relationship with that employer or customer. Contracts differ in the ownership of assets created using non-employer-owned equipment or information.

Finally, contracts can also specify among other elements the location at which work is to be performed; standards to which that work will be held; the system configuration to be used for development; limitations of the software engineer’s and employer’s liability; a communication matrix and/or escalation plan; and administrative details such as rates, frequency of compensation, working hours, and working conditions.

1.7. Legal Issues
[1*, c6, c11] [3*, c5s3–c5s4] [9*, c1s10]

Legal issues surrounding software engineering professional practice notably include matters related to standards, trademarks, patents, copyrights, trade secrets, professional liability, legal requirements, trade compliance, and cybercrime. It is therefore beneficial to possess knowledge of these issues and their applicability.

Legal issues are jurisdictionally based; software engineers must consult attorneys who specialize in the type and jurisdiction of any identified legal issues.

1.7.1. Standards

Software engineering standards establish guidelines for generally accepted practices and minimum requirements for products and services provided by a software engineer.
Appendix B of this Guide provides guidance on software engineering standards that are applicable to each KA.

Standards are valuable sources of requirements and assistance during the everyday conduct of software engineering activities. Adherence to standards facilitates discipline by enumerating minimal characteristics of products and practice. That discipline helps to mitigate subconscious assumptions or overconfidence in a design.
For these reasons, organizations performing software engineering activities often include conformance to standards as part of their organizational policies. Further, adherence to standards is a major component of defense from legal action or from allegations of malpractice.

1.7.2. Trademarks

A trademark relates to any word, name, symbol, or device that is used in business transactions. It is used “to indicate the source or origin of the goods” [2].

Trademark protection protects names, logos, images, and packaging. However, if a name, image, or other trademarked asset becomes a generic term, then trademark protection is nullified.

The World Intellectual Property Organization (WIPO) is the authority that frames the rules and regulations on trademarks.
WIPO is the United Nations agency dedicated to the use of intellectual property as a means of stimulating innovation and creativity.

1.7.3. Patents

Patents protect an inventor’s right to manufacture and sell an idea. A patent consists of a set of exclusive rights granted by a sovereign government to an individual, group of individuals, or organization for a limited period of time. Patents are an old form of idea-ownership protection and date back to the 15th century.

Application for a patent entails careful records of the process that led to the invention. Patent attorneys are helpful in writing patent disclosure claims in a manner most likely to protect the software engineer’s rights.

Note that, if inventions are made during the course of a software engineering contract, ownership may belong to the employer or customer or be jointly held, rather than belong to the software engineer.

There are rules concerning what is and is not patentable.
In many countries, software code is not patentable, although software algorithms may be. Existing and filed patent applications can be searched at WIPO.

1.7.4. Copyrights

Most governments in the world give exclusive rights of an original work to its creator, usually for a limited time, enacted as a copyright. Copyrights protect the way an idea is presented—not the idea itself. For example, they may protect the particular wording of an account of an historical event, whereas the event itself is not protected. Copyrights are long-term and renewable; they date back to the 17th century.

1.7.5. Trade Secrets

In many countries, an intellectual asset such as a formula, algorithm, process, design, method, pattern, instrument, or compilation of information may be considered a “trade secret,” provided that these assets are not generally known and may provide a business some economic advantage. The designation of “trade secret” provides legal protection if the asset is stolen.
This protection is not subject to a time limit. However, if another party derives or discovers the same asset legally, then the asset is no longer protected and the other party will also possess all rights to use it.

1.7.6. Professional Liability

It is common for software engineers to be concerned with matters of professional liability.
As an individual provides services to a client or employer, it is vital to adhere to standards and generally accepted practices, thereby protecting against allegations or proceedings of or related to malpractice, negligence, or incompetence.

For engineers, including software engineers, professional liability is related to product liability.
Under the laws and rules governing in their jurisdiction, engineers may be held to account for failing to fully and conscientiously follow recommended practice; this is known as “negligence.” They may also be subject to laws governing “strict liability” and either implied or express warranty, where, by selling the product, the engineer is held to warrant that the product is both suitable and safe for use. In some countries (for example, in the US), “privity” (the idea that one could only sue the person selling the product) is no longer a defense against liability actions.

Legal suits for liability can be brought under tort law in the US allowing anyone who is harmed to recover their loss even if no guarantees were made.
Because it is difficult to measure the suitability or safety of software, failure to take due care can be used to prove negligence on the part of software engineers. A defense against such an allegation is to show that standards and generally accepted practices were followed in the development of the product.

1.7.7. Legal Requirements

Software engineers must operate within the confines of local, national, and international legal frameworks. Therefore, software engineers must be aware of legal requirements for

• registration and licensing—including examination, education, experience, and training requirements;
• contractual agreements;
• noncontractual legalities, such as those governing liability;
• Basic information on the international legal framework can be accessed from the World Trade Organization (WTO).

1.7.8. Trade Compliance

All software professionals must be aware of legal restrictions on import, export, or reexport of goods, services, and technology in the jurisdictions in which they work.
The considerations include export controls and classification, transfer of goods, acquisition of necessary governmental licenses for foreign use of hardware and software, services and technology by sanctioned nation, enterprise or individual entities, and import restrictions and duties. Trade experts should be consulted for detailed compliance guidance.

1.7.9. Cybercrime

Cybercrime refers to any crime that involves a computer, computer software, computer networks, or embedded software controlling a system.
The computer or software may have been used in the commission of a crime or it may have been the target. This category of crime includes fraud, unauthorized access, spam, obscene or offensive content, threats, harassment, theft of sensitive personal data or trade secrets, and use of one computer to damage or infiltrate other networked computers and automated system controls.

Computer and software users commit fraud by altering electronic data to facilitate illegal activity. Forms of unauthorized access include hacking, eavesdropping, and using computer systems in a way that is concealed from their owners.

Many countries have separate laws to cover cybercrimes, but it has sometimes been difficult to prosecute cybercrimes due to a lack of precisely framed statutes.
The software engineer has a professional obligation to consider the threat of cybercrime and to understand how the software system will protect or endanger software and user information from accidental or malicious access, use, modification, destruction, or disclosure.

1.8. Documentation
[1*, c10s5.8] [3*, c1s5] [5*, c32]

Providing clear, thorough, and accurate documentation is the responsibility of each software engineer. The adequacy of documentation is judged by different criteria based on the needs of the various stakeholder audiences.

Good documentation complies with accepted standards and guidelines.
In particular, software engineers should document

• relevant facts,
• significant risks and tradeoffs, and
• warnings of undesirable or dangerous consequences from use or misuse of the software.

Software engineers should avoid

• certifying or approving unacceptable products,
• disclosing confidential information, or
• falsifying facts or data.

In addition, software engineers and their managers should notably provide the following documentation for use by other elements of the software development organization:

• software requirements specifications, software design documents, details on the software engineering tools used, software test specifications and results, and details on the adopted software engineering methods;
• problems encountered during the development process.

For external stakeholders (customer, users, others) software documentation should notably provide

• information needed to determine if the software is likely to meet the customer’s and users’ needs,
• description of the safe, and unsafe, use of the software,
• description of the protection of sensitive information created by or stored using the software, and
• clear identification of warnings and critical procedures.

Use of software may include installation, operation, administration, and performance of other functions by various groups of users and support personnel.