Comment by Xelbair
5 days ago
The Web is already mostly centralized, and corporations which should be scrutinized in the way they handle security, PII and overall software issues are without oversight.
It is also a matter of respect towards professionals. If a civil engineer says that something is illegal/dangerous/unfeasible, their word is taken into account and not dismissed - unlike in, broadly speaking, IT.
I just don't feel we want the overhead on software. I'm in an industry with PEs and I have beef with the way it works for physical things.
PII isn't nearly as big a deal as a life tbh. I'd rather not gatekeep PII handling behind degrees. I want more accountability, but PEs for software seems like it's ill-suited for the problem. Principally, software is ever evolving and distributed. A building or bridge is mostly done.
A PR is not evaluated in a vacuum
The question is who defines security.
I, as a self-proclaimed dictator of my empire, require, in the name of national security, all chat applications developed or deployed in my empire to send copies of all chat messages to the National Archive for backup in a form encrypted to the well-known National Archive public key. I appoint Professional Software Engineers to inspect and certify apps to actually do that. Distribution of non-certified applications to the public or other forms of their deployment is prohibited and is punishable by jail time, as well as issuing a false certification.
Sounds familiar?
The difference from civil engineering is that governments do not (yet?) require a remotely triggerable bomb to be planted under every bridge, which would, arguably, help in a war, while they are very close to this in software. They do something similar routinely with manufacturing equipment - mandatory self-disabling upon detecting (via GPS) operation in countries under sanctions.
It is my understanding that bridges in Switzerland have bombs, or at least holes for bombs.