identify and apply the PAPA framework for ethical issues which appear in the following text:
Weak security and Personally identifiable information (PII) protection
Application security is growing in importance as software plays a larger role in our online and offline environments.
Developers often only address security after code release, rather than during development. As a result, the software community lacks secure development standards. “The emphasis is almost entirely on getting a product out to market,” said Randolph Morris, CEO of Bit Developers, a software development consultancy. Once a software product is publicly available, the focus shifts to new features and performance optimization, so security continues to have minimal prominence.
Hackers and other malicious actors cause real damage to real people. Our current digital ecosystem tends to address application security by plugging vulnerabilities as they are found. The reactionary approach is neither practical nor pragmatic.
To address this ethical responsibility for customer safety, developers need education, but typically only cybersecurity-specific classes address these topics. To start, educate your team about cybersecurity failures such as the Anthem medical data breach in 2015, where PII was stored as plain text in a database. “If this information was encrypted, it would not have been so easy to use and valuable to distribute,” Morris said.
Also, the industry needs revised security standards. Organizations can do more to embrace standards meant to protect PII. The Payment Card Industry Data Security Standard and HIPAA for health apps are a good start, but developers should consider other forms of PII as well, and software designs that protect it.