troupo 5 hours ago
In regulated industries none of those matter if the tool invents compliance issues or breaks compliance. The only thought-provoking discussion should be "why the hell do we have this stochastic parrot anywhere near our codebase"
bloaf 4 hours ago
I think that what technical people fail to understand is that a lot of the time, "compliance" is not the same as a binary compiles/does not compile. For a lot of rules/regulations, compliance means "making enough effort that legal is willing to back you up". A system which will just randomly decide to give the legal team reasons to not back you up is:
* A system whose output will get brought up in lawsuits and make legal's job harder.
* A system that will make the dev team perpetually chase its tail while it oscillates between the several different valid interpretations of the rules.
brookst 4 hours ago
Odd take. So if it identified 17 real gaps and helped fix them, the fact it was wrong about one gap, and the appropriate humans caught it and no harm was done, the whole thing is useless? Not saying that is the situation, I don’t know. But if “one error is too many” is your point of view… do you think the humans in these orgs are 100% perfect 100% of the time?