Software Development Ethics Course Modules

As technology continues to shape how people live, work, and connect, software professionals need the knowledge and frameworks to build products that are ethically responsible and transparent. Our new course, "Software Development Ethics," equips teams with practical skills for navigating ethical challenges across the entire software development lifecycle. See our course page for more information: https://lnkd.in/e7a-vCrF #SoftwareDevelopment #TechnologyEthics

𝐓𝐰𝐨 𝐩𝐚𝐭𝐭𝐞𝐫𝐧𝐬 𝐈'𝐯𝐞 𝐧𝐨𝐭𝐢𝐜𝐞𝐝 𝐢𝐧 𝐡𝐨𝐰 𝐩𝐞𝐨𝐩𝐥𝐞 𝐛𝐮𝐢𝐥𝐝 𝐚𝐧𝐝 𝐭𝐡𝐢𝐧𝐤 𝐚𝐛𝐨𝐮𝐭 𝐚𝐠𝐞𝐧𝐭𝐢𝐜 𝐬𝐲𝐬𝐭𝐞𝐦𝐬: 1. Code that calls LLMs 2. LLMs that call code Code that calls LLMs is more predictable, easier to debug, and easier to secure. You can even run tests on it, and narrow down which LLM call is the problem. Best for tasks that run again and again just with different input data, where you can tweak and improve results over time. LLMs that call code are more or less unlimited in what they can do (or at least what they can try to do), and is the best for a general purpose tool. However they become expensive and unpredictable to run in automations. Security is hard, because the more general access you give an LLM to write code, the more you're trusting the LLM itself to be the security layer. So the choice comes down to the task: Is it the same thing repeatedly but with diferent input data? Should it be an automated, predictable process? That should be code that calls LLMs at key moments to parse information that you can't parse with regular code. Is it open-ended, where you never know what's going to be asked of it (Claude Code, Cowork, etc.)? That should be an LLM that calls code. As a software dev, I naturally gravitate toward option 1 when solving a problem, that's just how I imagine systems. But a lot of the tools I use day-to-day, like Claude Code, are option 2, which I think is where most non-devs land when they first start thinking about LLM systems. Both options need to stay on the table when you're designing something. Neither is better than the other, you just need to understand what your task requires. The main mistake I see people make is reaching for #2 when #1 would do the job. Don't get an LLM to figure out something you can automate with 100% reliable code. I've got a few side projects using both patterns that I'm hoping to share soon.

𝐄𝐂 𝐃𝐫𝐚𝐟𝐭 𝐆𝐮𝐢𝐝𝐚𝐧𝐜𝐞 𝑻𝒉𝒆 𝑬𝒖𝒓𝒐𝒑𝒆𝒂𝒏 𝑪𝒐𝒎𝒎𝒊𝒔𝒔𝒊𝒐𝒏 𝒓𝒆𝒄𝒆𝒏𝒕𝒍𝒚 𝒑𝒖𝒃𝒍𝒊𝒔𝒉𝒆𝒅 𝑪𝑹𝑨 𝒈𝒖𝒊𝒅𝒂𝒏𝒄𝒆. 𝒉𝒆𝒓𝒆 𝒊𝒔 𝒘𝒉𝒂𝒕 𝒊𝒕 𝒄𝒍𝒂𝒓𝒊𝒇𝒊𝒆𝒔. On 3 March 2026, the Commission published draft guidance under Article 26 CRA — the first official clarification document for economic operators. 𝑻𝒉𝒓𝒆𝒆 𝒕𝒉𝒊𝒏𝒈𝒔 𝒕𝒉𝒂𝒕 𝒎𝒂𝒕𝒕𝒆𝒓 𝒇𝒐𝒓 𝒆𝒎𝒃𝒆𝒅𝒅𝒆𝒅 𝒎𝒂𝒏𝒖𝒇𝒂𝒄𝒕𝒖𝒓𝒆𝒓𝒔: 🚨 𝑺𝒄𝒐𝒑𝒆 𝒐𝒇 "𝒑𝒍𝒂𝒄𝒊𝒏𝒈 𝒐𝒏 𝒎𝒂𝒓𝒌𝒆𝒕": Software is placed on the market when first made available for download or remote access. Sample and demo code in tutorials is explicitly excluded. Remote data processing solutions are in scope when integral to the product's functionality. 🚨 𝑺𝒖𝒑𝒑𝒐𝒓𝒕 𝒑𝒆𝒓𝒊𝒐𝒅: The guidance reinforces CRA Art. 13(8) — the support period must reflect expected use. Shorter periods require documented justification in the Technical Dossier. 🚨 𝑭𝑶𝑺𝑺 𝒓𝒆𝒔𝒑𝒐𝒏𝒔𝒊𝒃𝒊𝒍𝒊𝒕𝒚: Responsibility follows who publishes and controls a project — not who has commit rights. Commercial distribution is the trigger for manufacturer duties, not code contribution. One important caveat: this was draft guidance, and the window for feedback closed on 31 March 2026. While the final version is being processed and may differ from this draft, it remains non-binding even once finalized — authoritative interpretation rests solely with the CJEU. ------------------------------ PS-1: If you are interested in the 𝐂𝐲𝐛𝐞𝐫 𝐑𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐜𝐞 𝐀𝐜𝐭, I cordially invite you to subscribe to my newsletter: 👉 https://lnkd.in/ehbuzd3F 𝐈 𝐚𝐦 𝐑𝐨𝐮𝐡𝐨𝐥𝐥𝐚𝐡, and there I explore the topic holistically—from technical questions and legal requirements to management perspectives. 🔔 A special focus is placed on practical insights: I share my own implementation experiences, specific challenges, and proven solution strategies. I look forward to having you join us and actively helping to shape the conversation! PS-2: ⚖️ The contents of this Page are for general information purposes only and do not constitute legal advice. #CRA #ECGuidance #CyberResilienceAct #Regulation2024/2847 #EmbeddedLinux #ProductSecurity #Compliance

NITDA expands software infrastructure to secure data systems - Punch Newspapers: NITDA expands software infrastructure to secure data systems  Punch Newspapers #datagovernance #CDO #finperform

As a software builder, have you really considered the legal and compliance impact of what you’re shipping? Today, code moves fast. But products can be taken down just as fast — all it takes is ignoring requirements like LGPD in Brazil, GDPR in Europe, or CCPA in the U.S. Scaling without governance is risk by design. And at some point, external audits and specialized consulting stop being optional — they become necessary. It was never just about code. It’s about solving problems — and the bigger you grow, the more critical they become. #SoftwareEngineering #Compliance #DataPrivacy #SystemDesign #Architecture #TechLeadership

As a software builder, have you really considered the legal and compliance impact of what you’re shipping? Today, code moves fast. But products can be taken down just as fast — all it takes is ignoring requirements like LGPD in Brazil, GDPR in Europe, or CCPA in the U.S. Scaling without governance is risk by design. And at some point, external audits and specialized consulting stop being optional — they become necessary. It was never just about code. It’s about solving problems — and the bigger you grow, the more critical they become. #SoftwareEngineering #Compliance #DataPrivacy #SystemDesign #Architecture #TechLeadership

Are “classic” APIs still relevant in an era of increasing uncertainty and complexity? The answer isn’t black and white, while MCP empowers systems to dynamically discover the right tools in ever-changing environments, standardized APIs remain indispensable where predictability and deterministic outcomes simply cannot be compromised.

Listen to the experts (Martin Fowler), really important:👂👇 «For some situations, this separation can be valuable, but beware that for most systems CQRS adds risky complexity. Like any pattern, CQRS is useful in some places, but not in others. Many systems do fit a CRUD mental model, and so should be done in that style. CQRS is a significant mental leap for all concerned, so shouldn't be tackled unless the benefit is worth the jump. While I have come across successful uses of CQRS, so far the majority of cases I've run into have not been so good, with CQRS seen as a significant force for getting a software system into serious difficulties. If your domain isn't suited to CQRS, but you have demanding queries that add complexity or performance problems, remember that you can still use a ReportingDatabase Despite these benefits, you should be very cautious about using CQRS. Many information systems fit well with the notion of an information base that is updated in the same way that it's read, adding CQRS to such a system can add significant complexity.»

The latest update for #Kosli includes "Diff-erent Perspectives: How Specialized LLM Personas Catch More Bugs" and "Introducing Code Repositories in Kosli". #DevOps #DevSecOps #Audit #SRE https://lnkd.in/eCHbWBVm

Compliance isn’t a document you file away in a drawer. 📂 It’s code. 💻 When you’re building cross-border, things like GDPR and MiCAR shouldn’t be "checked" after the fact. They should be embedded in your schema from Day 1. Using Marblism, I help founders bake regulatory logic directly into their software architecture. Why hire a consultant to audit your work when the system literally won't let you break the rules? That’s how you scale without the friction. Get your boilerplate automated: https://lnkd.in/d7iJ-wtU #Marblism #Compliance #Founder #CrossBorder #LegalTech #BuildInPublic