Update Security-Focused-Guide-for-AI-Code-Assistant-Instructions.md

[mswilson]

• add link to Kiro steering documentation, sort tools alphabetically
• adopt terminology more applicable to professional software development ("You are the Pilot" -> "You are the Developer")
• reinforce that the developer is responsible for potential harms of the code, link to ACM code of ethics and professional conduct for definition of "harm"

[david-a-wheeler]

I suggest also citing
"The Software Engineering Code of Ethics and Professional Practice" as recommended by the ACM/IEEE-CS Joint Task Force on Software Engineering Ethics and Professional Practices and jointly approved by the ACM and the IEEE-CS as the standard for teaching and practicing software engineering. While the ACM recommends its code of ethics for all, a joint statement from both the ACM and IEEE is a stronger source of authority. It also notes harm.

[david-a-wheeler]

I don't know that "pilot" is the wrong term in this case, it does indicate someone who controls a machine but is ultimately responsible for what happens.

[mswilson]

I suggest also citing "The Software Engineering Code of Ethics and Professional Practice" as recommended by the ACM/IEEE-CS Joint Task Force on Software Engineering Ethics and Professional Practices and jointly approved by the ACM and the IEEE-CS as the standard for teaching and practicing software engineering. While the ACM recommends its code of ethics for all, a joint statement from both the ACM and IEEE is a stronger source of authority. It also notes harm.

I'll work on that change.

I don't know that "pilot" is the wrong term in this case, it does indicate someone who controls a machine but is ultimately responsible for what happens.

In aviation, your "co-pilot" is a fellow practitioner, and is fully capable of taking command of the aircraft. The autopilot (or, generally "cockpit automation") is a tool that a pilot can use to manage cognitive load, optimize passenger comfort, etc. Ultimately, the pilot has responsibility for the aircraft, and needs to know when to take over control from automation.

This one reason why "You are the pilot, AI is the co-pilot" breaks down as a useful analogy to me.

Another reason to avoid it is to stay clear of appearances of leaning in to a well known AI brand.

[mswilson]

I moved the "harm" reference to the IFIP code of ethics, which is adapted from the ACM code of ethics.

The ACM/IEEE-CS software engineering code of ethics is an older code (from 1997).

[david-a-wheeler]

I see your point about "co-pilot", that's a good point. But I don't think "apprentice" works either, as an apprentice is expected to eventually replace you.

How about "assistant"? There's no implication that an assistant can or will eventually replace you.

[david-a-wheeler]

The ACM/IEEE-CS software engineering code of ethics is an older code (from 1997).

I don't see that as an issue. I think ACM & IEEE are much better-known in many circles than IFIP, so I wouldn't replace IFIP's work with others.

The IFIP one appears to be based on the ACM "Code of Ethics". That is a different document than the one I noted earlier, which is the "The Software Engineering Code of Ethics and Professional Practice" jointly released by ACM and IEEE.

I suggest citing both, then we cover our bases. :-).

[trumant]

Mergeable as-is, but ideally the Apprentice --> Assistant change makes it in here as well.

[balteravishay]

Great additions and corrections here, thanks all!