Rules and Tools Alone Cannot Prevent It! IT Development and Operations Misconduct and Concealment Becoming 'Implicit Specifications'

Published: 2024-02-05

This article focuses on misconduct and concealment issues lurking in IT industry system development and data management, examining measures for restoring social trust and building robust systems. It analyzes the background of various problems including test data fabrication, security incident concealment, and inappropriate AI use, pointing to excessive deadline-first culture, multi-tier subcontracting structures, and neglect of technical debt as fundamental causes. The article explains the mechanism by which misconduct and compromise become embedded in daily development processes, emphasizing the importance of engineering ethics and the need for cultural transformation with "psychological safety."

Protecting Digital Society Trust: Addressing IT Development and Operations Misconduct and Concealment

In recent years, major system failures, personal information leaks, and test data falsification scandals have been successively revealed, significantly undermining social trust in corporations and government. In an era where systems have become social infrastructure itself, misconduct in IT domains poses fatal risks that can threaten corporate survival.

Current Situation: “Invisible” Problems Occurring in the Field

As systems become increasingly black-boxed, the following problems occur in forms difficult to see from outside:

  • Misconduct in Development Processes: Test data fabrication to meet deadlines, intentional bug concealment, releasing with vulnerabilities left unaddressed.
  • Operational and Data Management Deviations: Underreporting or concealing security incidents (unauthorized access, data exfiltration, etc.), unauthorized use of customer data without consent or improper conversion to AI training data.
  • Structural Problems: Governance failure due to proliferation of shadow IT (unauthorized tools introduced by departments independently).

Background Issues: Why Do Engineers Cross “The Line”?

Misconduct in IT domains is triggered not just by individual moral deficiency, but by industry-specific structures and severe pressure.

  • Distortion of Excessive “Deadline and Cost First” Culture: Unreasonable schedules disguised as “Agile” and budget pressures directly hit the field. Pressure to “release first, quality later” creates a development culture that uses any means necessary.
  • Multi-tier Subcontracting Structure and Ambiguous Responsibility: With development delegated through multiple layers, “who ultimately holds responsibility for quality and security” becomes ambiguous, making inconvenient information difficult to report upstream.
  • Technology Sophistication and Formalized Checking Functions: With AI and complex cloud architecture adoption, audit departments and management cannot grasp reality, leading to “formalized audits” that merely fill checklists.

Process of Misconduct Expansion: “Technical Debt” and “Moral Slope”

In IT fields, misconduct and concealment don’t suddenly occur on a large scale.

“Just this once for the deadline, let’s skip security checks” “Error logs are appearing, but let’s pretend we didn’t see them”—as such small compromises and concealments repeat, they become embedded as “implicit specifications (bad know-how)” in daily operations.

This “technical debt” and “ethical debt” accumulate like a snowball, eventually exploding as irreversible large-scale system failures or massive information leaks. Stopping this moral slope early through code reviews and CI/CD (continuous integration) stages is extremely important.

Path to Resolution: “Engineering Culture Transformation” Beyond Tool Implementation

Merely “strengthening rules” through DevSecOps (development, security, operations integration) tools and audit system implementation doesn’t achieve fundamental solutions. What’s required is organizational cultural and climate transformation.

  • Ensuring Psychological Safety and Open Culture: Build an environment with “psychological safety” where field engineers can raise alerts without hesitation, saying “we cannot guarantee quality with this schedule” or “we discovered a serious bug.” It’s essential to establish a “postmortem (blameless retrospective)” culture that treats failures not as individual responsibility but as system-wide issues.
  • High Engineering Ethics: Each developer must maintain high ethical awareness and professionalism regarding “how the code I write affects society.” Attitudes that embed ethics into systems from initial stages, such as privacy-by-design, are required.
  • Management Commitment to IT Governance: Management must send clear messages that “quality and security take priority over speed and cost” and maintain the integrity to protect field engineers.

Conclusion

Rather than unreasonably pursuing “zero” bugs or incidents and pressuring the field, organizations that build robust systems through transparent processes and can respond quickly and sincerely when problems occur ultimately minimize security risks and misconduct.

Fostering an open and proud engineering culture leads to overall system quality improvement. We in IT must continue efforts to build the “trust” that becomes the foundation of digital society by maintaining not just technical skills but high ethical standards and social responsibility.

Thank you for reading. Let’s continue working together toward a safer, more trusted digital society.

Related Articles

The 'Security Wall' in AI Agent Adoption: Lessons for Japanese Enterprises from the EV Industry

2026-03-30

For Japanese companies aiming for radical efficiency through AI agents, the biggest obstacle is traditional security thinking. We explore how to break free from the 'perfectionist trap'—a parallel to the lag in EV development—and shift toward agile security.

The Era of Banks Evolving with AI: MUFG × OpenAI Partnership Reveals the 'Future of Finance'

2025-11-13

MUFG partners with OpenAI to envision a digital bank with ChatGPT as a standard feature. Examining the financial industry's transformation through the lens of how a security-focused bank embraced AI.

Systems That Aren't Being Used—Organizations That Can't Call It a Failure Can't Change

2025-10-29

Systems were introduced with the assumption they would be 'usable.' If they're not being used, that's a failure. Organizations that don't acknowledge states requiring improvement as failures cannot change.

« Back to Blog