Comment by scheme271

11 hours ago

Uh, who determines that the infrastructure wasn't properly secured? Who is willing to risk prison because some intern accidentally committed an API key or made a dumb mistake? Conversely, what are the chances that no one actually gets prosecuted regardless of how sloppy their security practices are?

> who determines that the infrastructure wasn't properly secured

An investigative body, the same kind that determines the who, the why, and the how when an airliner crashes or a bridge collapses. Obviously a lot of work needs to be done to get from point A to point B, and it won't happen overnight, but software development is currently a deeply unserious profession and at some point a genuine software engineering practice needs to be developed.

I am, perhaps naively, slightly hopeful that the LLM bullshit plaguing our industry will be the gust of wind needed for the house of cards to collapse and governments to realise that allowing the entire world to be vibe coded is not sustainable.

  • Pretty famously, aviation incident investigations are almost always not done with prosecutorial intent, and more about truth finding. It leads to people involved being cooperative to prevent future problems instead of ass covering to prevent jail.

    Aviation’s safety record is not coincidental.

    • In a darker reading, strong aviation safety is mostly motivated by not killing customers. An airline or plane maker who kills more customers than others will rapidly bleed those same customers and lose them to less lethal competitors. If no one cared about dying people I imagine aviation safety wouldn’t be so impressive.

      As someone else here said, software, for the most part, is a deeply unserious industry. The stakes are so comparatively low and the consequences less obvious that it’s a lot easier for companies like Intuit to maintain their supremacy simply by being entrenched, having strong sales teams, and the hearts & minds of non-technical managers.

      In recent times it seems Boeing has been flirting with enshittification and half-assery, but critics are not quiet and not falling on deaf ears.


  • > An investigative body

    This just in: Anthropic, Harvard and Jimmy Kimmel have been investigated and found guilty of not securing their infrastructure.

When a great product is built it was the leadership and when a mistake was made it was always the employee that did it. Cool!

Ideally the chances are high to certain they get prosecuted for sloppy security practices. It's part of the gig of being a CEO, if you imagine you are such a visionary/ideas guy/leader/whatever, risk taker (always a risk taker) then you can gamble spending 20 to life because you weren't actually as good as you thought.

> Uh, who determines that the infrastructure wasn't properly secured?

ShinyHackers, obviously.