
Update Security-Focused-Guide-for-AI-Code-Assistant-Instructions.md #954


Status: Open. Wants to merge 2 commits into base: main

Conversation

@mswilson commented Aug 5, 2025

  • add link to Kiro steering documentation, sort tools alphabetically
  • adopt terminology more applicable to professional software development ("You are the Pilot" -> "You are the Developer")
  • reinforce that the developer is responsible for potential harms of the code, link to ACM code of ethics and professional conduct for definition of "harm"

@david-a-wheeler (Contributor)

I don't know that "pilot" is the wrong term in this case, it does indicate someone who controls a machine but is ultimately responsible for what happens.

@mswilson (Author) commented Aug 5, 2025

I suggest also citing "The Software Engineering Code of Ethics and Professional Practice" as recommended by the ACM/IEEE-CS Joint Task Force on Software Engineering Ethics and Professional Practices and jointly approved by the ACM and the IEEE-CS as the standard for teaching and practicing software engineering. While the ACM recommends its code of ethics for all, a joint statement from both the ACM and IEEE is a stronger source of authority. It also notes harm.

I'll work on that change.

> I don't know that "pilot" is the wrong term in this case, it does indicate someone who controls a machine but is ultimately responsible for what happens.

In aviation, your "co-pilot" is a fellow practitioner, and is fully capable of taking command of the aircraft. The autopilot (or, generally "cockpit automation") is a tool that a pilot can use to manage cognitive load, optimize passenger comfort, etc. Ultimately, the pilot has responsibility for the aircraft, and needs to know when to take over control from automation.

This is one reason why "You are the pilot, AI is the co-pilot" breaks down as a useful analogy to me.

Another reason to avoid it is to stay clear of appearances of leaning in to a well known AI brand.

…ons.md

* add link to Kiro steering documentation, sort tools alphabetically
* adopt terminology more applicable to professional software
  development ("You are the Pilot" -> "You are the Developer")
* reinforce that the developer is responsible for potential harms of
  the code, link to IFIP code of ethics and professional conduct for
  definition of "harm". IFIP is the leading multinational, apolitical
  organization in Information & Communications Technologies and
  Sciences.

Signed-off-by: Matt Wilson <[email protected]>
@mswilson (Author) commented Aug 7, 2025

I moved the "harm" reference to the IFIP code of ethics, which is adapted from the ACM code of ethics.

The ACM/IEEE-CS software engineering code of ethics is an older code (from 1997).

@david-a-wheeler (Contributor)

I see your point about "co-pilot", that's a good point. But I don't think "apprentice" works either, as an apprentice is expected to eventually replace you.

How about "assistant"? There's no implication that an assistant can or will eventually replace you.

@david-a-wheeler (Contributor)

> The ACM/IEEE-CS software engineering code of ethics is an older code (from 1997).

I don't see that as an issue. I think ACM & IEEE are much better-known in many circles than IFIP, so I wouldn't replace IFIP's work with others.

The IFIP one appears to be based on the ACM "Code of Ethics". That is a different document than the one I noted earlier, which is "The Software Engineering Code of Ethics and Professional Practice" jointly released by ACM and IEEE.

I suggest citing both, then we cover our bases. :-).

@trumant left a comment

Mergeable as-is, but ideally the Apprentice --> Assistant change makes it in here as well.
