
Comment by trog

4 months ago

All true but tell the average programmer that you think their industry should be regulated and they should potentially be held liable for their code.

This is not a popular opinion in software development circles - unless you're already in one of those regulated fields, like where a software engineer (a literal accredited engineer) is required.

But it's been an increasingly common talking point from a lot of experts. Bruce Schneier writes about it a lot - he convinced me long ago that our industry is pretty pathetic when it comes to holding corporations liable for massive security failures, for example.

We have to mature as an industry. Things like not staying up to date on third-party dependencies, not including cybersecurity as part of the build pipeline, lack of static and dynamic analysis, not encrypting secrets at rest, etc.

It is already costing millions of dollars and it’s just accepted.