> They should be fined out of existence for such breaches and they would quickly change tune.

Looks like this is a great opportunity for an object lesson. Let’s see how it goes…

As far as certification stuff…

Civil engineering has had licensing forever. That’s because Bad Things Happen, when they make mistakes.

I do think that it would be a good idea to score/certify critical infrastructure stuff. That might involve certification of the people that make it, but it should certainly involve penalties for the people responsible. That might include the authors, but it should probably also include the folks that decide to use the bad code.

I know that ISO 9000 is an attempt to address this kind of thing. In my opinion, it’s kind of a mess. I’ve worked in ISO 9000 shops, and it’s not much fun. The thing you learn, pretty quickly, is how to end-run the process, as it’s so heavy, that it basically stops all forward progress. It doesn’t have to, but often does.

Mistakes get made. If you design carefully, these mistakes won’t cause real damage.

I just figured out that an app I wrote, that’s been out for two years, has an embarrassing bug (mea culpa). I’ll get it fixed today.

Because I’m pretty careful, it doesn’t affect stuff like user privacy. It just introduces performance overhead, in one operation, so the fix will mean that the app will suddenly speed up.

I’m not sure that certification would have solved it. My security mindset is why user privacy wasn’t affected, and that comes from experience.

> Good judgment comes from experience. Experience comes from bad judgement.

▲

Orygin 2 days ago | parent [-]

Also if you are personally liable of gross negligence, you will:

1. Get paid more (as less fake "engineers" are available for the responsibility).

2. Push back harder (or at least document in detail) on malpractice during development. Manager did not listen to your warnings? Document it and when shit hits the fan, the manager gets the stick instead of you.

Hitting companies with monetary fines does not work. Hitting the employees with jail time will make sure they don't sign on dangerous or known problematic systems.

Manager not listening? Remind them they will face a trial if the issue does surface.

▲

ailef 2 days ago | parent [-]

> Hitting companies with monetary fines does not work. Hitting the employees with jail time will make sure they don't sign on dangerous or known problematic systems.

What!? So, when you can't switch jobs because the market is bad or for any other reason, your choices are: 1) quit and lose the income (which you can't afford) or 2) sign on whatever and accept the risk of jail time?

	▲	Orygin a day ago \| parent \| next [-]
		The job market in such society would not be the same as it is now. If you are certified, chances are you will have lots of choices to work.
	▲	ChrisMarshallNY a day ago \| parent \| prev [-]
		Sounds like every other vocation out there. Software devs have been insanely privileged, for the last couple of decades. That seems to be changing.