Comment by godelski
3 days ago
In other industries there are professional engineers. People who have a legal accountability. I wonder if the CS world will move that way, especially with AI. Since those engineers are the ones who sign things off.
For people unfamiliar, most engineers aren't professional engineers. There are more legal standards for your average engineer and they are legally obligated to push back against management when they think there's danger or ethics violations, but that's a high bar and very few ever get in legal trouble, only the most egregious cases. But professional engineers are the ones who check all the plans and the inspections. They're more like a supervisor. Someone who can look at the whole picture. And they get paid a lot more for their work but they're also essential to making sure things are safe. They also end up having a lot of power/authority, though at the cost of liability. Think like how in the military a doctor can overrule all others (I'm sure you've seen this in a movie). Your average military doctor or nurse can't do that but the senior ones can, though it's rare and very circumstantial.
You'd be surprised how many SE's would love for this to happen. The biggest reason, as you said, being able to push back.
Having worked in low-level embedded systems that could be considered "system critical", it's a horrible feeling knowing what's in that code and having no actual recourse other than quitting (which I have done on few occasions because I did not want to be tied to that disaster waiting to happen).
I actually started a legal framework and got some basic bills together (mostly wording) and presented this to many of my colleagues, all agreed it was needed and loved it, and a few lawyers said the bill/framework was sound .. even had some carve-outs for "mom-n-pops" and some other "obvious" things (like allowing for a transition into it).
Why didn't I push it through? 2 reasons:
1.) I'd likely be blackballed (if not outright killed) because "the powers that be" (e.g. large corp's in software) would absolutely -hate- this ... having actual accountability AND having to pay higher wages.
2.) Doing what I wanted would require federal intervention, and the climate has not been ripe for new regulations, let alone governing bodies, in well over a decade.
Hell, I even tried to get my PE in Software, but right as I was going to start the process, the PE for Software was removed from my state (and isn't likely to ever come back).
I 100% agree we should have even a PE for Software, but it's not likely to happen any time soon because Software without accountability and regulation makes WAY too much money ... :(
The problem with software is that it's all so, so decentralized.
If you're building a bridge in South Dakota, there's somebody in South Dakota building that bridge. That person has to follow South Dakota laws, and those laws can require whatever South Dakota regulators want, including sign-offs by professional engineers.
If you're a South Dakota resident signing up for a web portal, the company may have no knowledge of your jurisdiction specifically (and it would be a huge loss for the world if we moved to a "geo-block every single country by default until you clear it with your lawyers" regime). That portal may very well be hosted in Finland by a German hosting company, with the owners located in Sweden, running Open Source software primarily developed in Britain. It's possible that no single person affiliated with that portal's owner ever stepped food in your jurisdiction.
Bridges are only built on-site. They're designed and engineered elsewhere, frequently overseas.
1 reply →
I work in manufacturing, though this comment is a generalization, and depends on what industry you’re in. What happens in practice is that products are certified by a third party regulatory agency, probably Intertek. They’re the ones who hire the professional engineers. The pushback comes from the design engineers being aware of the regulations, and saying: “This won’t get past Intertek.”
The downside is, bring money. Also, don’t expect to have an agile development process, because Intertek is a de facto phase gate. The upside is that maintaining your own regulatory lab is probably more expensive, and it’s hard to keep up with the myriad of international standards.
As for mom-n-pops, why do you want competition from them? Regulatory capture always favors consolidation of an industry. What happens in practice for consumers is that stuff comes from countries where the regulatory process can be bypassed by just putting the approval markings on everything.
Okay, that was sarcastic, but it’s possible that the vitality of software owes a lot to the fact that it’s relatively unregulated.
On the other hand, I wouldn’t mind some regulatory oversight, such as companies having to prove that they don’t store my personal data.
Note that I’m naming Intertek, not to point a finger at them, but because I don’t know if they have any competitors.
If you actually have that framework, then give it to someone with less to lose & all them to share it with the world.
> 2.) Doing what I wanted would require federal intervention, and the climate has not been ripe for new regulations, let alone governing bodies, in well over a decade.
Unionization could achieve the same end but the propaganda is strong in the US
I'm one of them, and for exactly the reason you say.
I worked as a physical engineer previously and I think the existence of PEs changes the nature of the game. I felt much more empowered to "talk back" to my boss and question them. It was natural to do that and even encouraged. If something is wrong everyone wants to know. It is worth disruption and even dealing with naive young engineers than it is to harm someone. It is also worth doing because it makes those engineers learn faster and it makes the products improve faster (insights can come from anywhere).
Part of the reason I don't associate my name with my account is so that I can talk more freely. I absolutely love software (and yes, even AI, despite what some might think given my comments) but I do really dislike how much deception there is in our industry. I do think it is on us as employees to steer the ship. If we don't think about what we're building and the consequences of them then our ship is beholden to the tides, not us. It is up to us to make the world a better place. It is up to us to make sure that our ship is headed towards utopia rather than dystopia (even if both are more of an idea than reality). I'd argue that if it were up to the tides then we'll end up crashing into the rocks. It's much easier to avoid that if we're managing the ship routinely than in a panic when we're headed in that direction. I think software has the capacity to make the world a far better place. That we can both do good and make money at the same time. But I also think the system naturally will disempower us. When we fight against the tides things are naturally harder and may even look like we're moving slower. But I think we often confuse speed and velocity, frankly, because direction is difficult to understand or predict. Still, it is best that we try our best and not just abdicate those decisions. The world is complex, so when things work they are in an unstable equilibrium. Which means small perturbations knock us off. Like one ship getting stuck shutting down a global economy. So it takes a million people and a billion tiny actions to make things go right and stay right (easier to stay than fix). But many of the problems we hate and are frustrated by are more stable states. Things like how wealth pools up, gathered by only a few. How power does the same. And so on. Obviously my feelings extend beyond software engineering, but my belief is that if we want the world to be a better place it takes all of us. The more that are willing to do something, the easier it gets. I'd also argue that most people don't need to do anything that difficult. The benefit and detriment of a complex machine is that small actions have larger consequences. Just because you're a small cog doesn't mean you have no power. You don't need to be a big cog to change the world, although you're unlikely to get recognition.
I also come from a more "traditional engineering" background, with PEs and a heavier sense of responsibility/ethics(?). I definitely think that's where it's going, although in my somewhat biased opinion, that's why the bar for traditional engineering in terms of students and expected skill and intuition was much higher than with CS/CE, which means the get rich quick scheme nature of it might go away.
I think you’re taking the professional responsibility that engineers are given too far. They are not given that responsibility to make political decisions, as you seem to be implying. Engineers are professionals in the hard sciences, not in social sciences. They only have power over ethical and safety issues directly pertaining to technical matters. I think ethics in this sense includes only very widely accepted ethical opinions, not anything that people from different political parties would disagree on. Engineering, in other words, is not political. Making the world better, as you put it, is something that requires political decisions. I hope people don’t make this confusion because the last thing most of us would like to see is Engineering becoming a political endeavor, including software engineering.
2 replies →
I don’t think the current cost structure of software development would support a professional engineer signing their name on releases or the required skill level of the others to enable such …
We’d actually have to respect software development as an important task and not a cost to be minimized and outsourced.
In many countries you are only allowed to call yourself a Software Engineer if you actually have a professional title.
It is countries like US where anyone can call themselves whatever they feel like that have devalued our profession.
I have been on the liability side ever since, people don't keep broken cars unless they cannot afford anything else, software is nothing special, other than lack of accountability.
Exactly this - I had a role in a multinational, US-founded company, however - I was based in Canada - our title had the name "engineer" contained within it. We were NOT by any means certified professional engineers according to any regulatory body - we were great at our jobs, but that was the reality.
We were NOT allowed to refer to our job title when deployed to the province of Quebec, which has strong regulations around the use of the term "engineer". It was fine - we still went, did our jobs, satisfied our customers and fixed their issues.
And the people of Quebec are much safer for it. /s
This divide between Canada and the US has existed since the birth of software engineering as a thing. Where is the evidence the protected name has done anything useful for either Canadian software engineers or its citizens?
1 reply →
>> In many countries you are only allowed to call yourself a Software Engineer if you actually have a professional title.
Which countries are those? Are you also only allowed to call yourself a Musician if you a Conservatory Degree?
Portugal, Germany, Canada, Switzerland are the ones I am aware of.
Software Engineering degrees are certified by the Engineering Order, universities cannot call themselves that just because they feel like it, and any kind of legal binding documents when notarised required the professional validity.
6 replies →
Why the glib dismissal when you most certainly live in a country where the use of titles like 'doctor', 'dentist', 'officer' or 'lawyer' is most certainly regulated?
This isn't really that exceptional and as someone from a place where not just anyone can call themselves engineer I'm always baffled when people think that it is.
7 replies →
>It is countries like US where anyone can call themselves whatever they feel like that have devalued our profession.
How have they devalued the profession when the labor of that professions is worth the most in the US?
If I start calling "bananas" "apples" then I devalue the meaning of the word "apple". You can't differentiate which I'm referring to.
If I start calling "bananas" "apples" the price at the store doesn't change.
I think you don't understand what the word "value" means. You understand one meaning, but it has more than one.
1 reply →
Professional labour value isn't synonymous with late stage capitalism without ethics or morals.
Now if you mean for own much one is willing to sell themselves to late stage capitalism, producing low quality products and entshtification, maybe that is the bang for buck right there.
12 replies →
We check the output of engineers tjats what infra audits and certs are for. We basically tell industry if you want to waste your money on poor engineers whose output doesn’t certify go ahead.
you could do that with civil engineering. anyone gets to design bridges. bridge is done we inspect, sorry x isn’t redundant your engineering is bad tear it down.
You couldn't do that with civil engineering, because checking if a bridge was built correctly is actually really hard, and it's why it's such a process for engineers to sign off on phases of construction.
You could look at the blueprints and calcs that were used to build it and inspect it, which they do. There’s no fundamental difference. Firms will self enforce engineering rigor because it’s a waste of money not to. Making it more stringent when lives are at stake makes sense, thats the only reason you could use to separate them. Also that can even get blurry in eg avionics software.
1 reply →
I wish I would have a rubber stamp like professional engineers do.
> In other industries there are professional engineers.
I think this is mostly a US thing.
A lot of responses below talking about what a 'certified' or 'chartered' engineer should be able to do.
I thought it would be noteworthy to talk about another industry, accountancy. This is how it works in the UK, but it is similar in other countries. They are called 'Chartered Accountants' here, because their institute has a Royal Charter saying they are the good guys.
To become a Chartered Accountant has no prerequisites. You 'just' have to complete the qualification of the institute you want to join. There are stages to the exams that prior qualifications may gain you exemptions from. You also have to log practical experience proving you are working as an accountant with adequate supervision. It takes about 2-3 years to get the qualification for someone well supported by their employer and with sufficient free time. Interestingly many Accountants are not graduates, and instead took technician level qualifications first, often the Association of Accounting Technicians (AAT). The accounting graduates I have interviewed wasted 3 years of their lives...
There are several institutes that specialise in different areas. Some specialise in audit. One specialises in Management Accounting (being an accountant at a company really). The Management accountants one specifically prohibits you from doing audit without taking another conversion course. All the institutes have CPD requirements (and check) and all prohibit you from working in areas that you are not competent, but provide routes to competency.
There are standards to follow, Generally Accepted Accounting Practice GAAP, UK Financial Reporting Standards FRS and the International equivalent IFRS. These cover how Financial Statements are prepared. There are superate standards setting bodies for these. There are also a set of standards that cover how an audit must be done. Then there is tax law. You are expected to know them for any area you are working in. All of these are legally binding on various types of corporation. See how that switches things around? Accountants are now there to help the company navigate the legal codes. The directors sign the accounts and are liable for misstatements, that encourages them to have a director who is an accountant...an audit committee etc.
How does that translate to software?
There are lots of standards, NIST, GDPR, PCI, some of which are legally or contractually binding. But how do I as a business owner know that a software engineer is competent to follow them. Maybe I am a diving company that wants a website. How do I know this person or company is competent to build it? It requires software engineers with specific qualifications that say they can do it, and software engineers willing to say, 'I'm sorry I am not able to work in this field, unless I first study it'.
I’m big on increasing accountability and responsibility for software engineering, but I’ve learned about SEI CMMI, and worked in an ISO 9001 shop.
In some cases, these types of structures make sense, but in most others, they are way overkill.
It’s a conundrum. One of the reasons for the crazy growth of software, is the extreme flexibility and velocity of development, so slamming the brakes on that, would have enormous financial consequences in the industry (so … good luck with that …).
But that flexibility and velocity is also a big reason for the jurassic-scale disasters that are a regular feature of our profession. It’s entirely possible for people that are completely unqualified, to develop software full of holes. If they can put enough lipstick on it, it can become quite popular, with undesirable consequences.
I don’t think that the answer is some structured standard and testing regime, but I would love to see improvement.
Just not sure what that looks like.
> but in most others, they are way overkill.
As an accountant I am able to enforce an accounts regime appropriate to my entity, with concepts like 'materiality' to help. I'm not sure about ISO9001, I'm more familiar with PCIDSS, and I found it to be very proscriptive, and 'all or nothing', compared with accounting standards. For instance in a small company, it is perfectly reasonable to state verbally to your auditor that your control over something is that you are close enough to the transactions to see misstatements by other people sat in the same room. Or even that you have too few people to exercise segregation of duties controls. In a larger company it is not ok. I don't see that same flexibility in other kinds of standards
1 reply →