Not OP, but 40 years in software, so here’s your answer — abstraction is the essence of programming. Get good enough at this, with a poor moral compass, and you can justify your code doing anything with no accountability whatsoever.

Corporate software engineers learn early on that they’re only responsible for their keystrokes (e.g., bug tickets, code formatting), not for the effects of their work (e.g., more efficient distribution of child pornography).

Most developers are so inured to this that they react defensively by reflex to any suggestion that their code should have done _anything_ other than what it did. They’re not responsible, see?

The defense for the civil engineer is that his design was in accordance with usual and customary engineering standards. If he did something unusual or new, he might be liable if that was the root cause of the failure. If he signed off on a sound design, he's probably OK.

Should work the same with software. The problem is that nobody learns that, schools don't teach it (school isn't even required to be a software developer), and there are no licencing bodies that set and enforce the standards. And, ultimately, most software failures don't cause death or injury.

I don’t know about civil engineering but don’t people only go to jail for negligence or worse?

Similarly, if the change was a bug, write a postmortem, find ways to make the whole and move on. If it was malicious, then prosecute.

I doubt it was malicious though.

> Why shall be different with code?

Quite possibly cause software engineering feels like tofu dreg construction all of the way down - it's a bunch of suits pushing devs to make features with ever changing technologies and practices where the framework/technology/approach of the year/month/week eats up all of the focus and nobody ever establishes proper good baselines and standards of what "good code" is and instead the nerds argue ad infinitum about a bunch of subjective stuff while drowning in accidental complexity, made worse by microservices, AI slop and chasing after zero downtime instead of zero bugs. It's bad incentives all the way down. On the other end of the spectrum, you have codebases that perhaps should have taken advantage of some of the newfound wisdom of the past 40 years, but instead they're written in COBOL or FORTRAN and the last devs who know the tech are literally dying out.

There's nigh infinite combinations of tech stacks out there and because corpos literally won't incentivize people to not job hop, you don't really get that many specialists with 20 years of experience in a given technology that at least have a chance at catching the stuff that formal code analysis and other tooling didn't because nobody cares that much about validating correctness past saying "Yeah, obviously you should have some test coverage." To give an example, whoever came up with the idea of wiring up the internals of your app at runtime on startup instead of during compilation, a la the majority of Spring and Spring Boot, should go to jail. And everyone who made dynamic languages as well. And whoever pushed the idea that there should only be a loose contract between the networked parts of a system (e.g. not something MORE correct than SOAP).

Put everyone in jail for daring to be employed in that shitshow: devs, execs and the tech vendors as well, for not prioritizing the code correctness like you would in a spaceship (aside from Ariane 5) or a plane (aside from MCAS) or proper financial systems (aside from Knight Capital) or CPUs (aside from the Pentium FDIV bug). Sure, there plenty of proper engineering out there, but my experience makes me view the claim that we should treat software like "real engineering" as a sick joke, when so much of the stuff I've seen and used isn't, about the same confusion that you'd get when you'd suggest that 100% code coverage is something that you should do if you're serious, though obviously that would make you never ship and we can't have that. Software is like the Wild West except people pretend to be serious, some days it feels like the only winning move is not to play (and to starve).

Sorry about the rant, pissed off at the status quo and the state of the industry, it feels like building a house of cards, except some of the cards aren't even rectangular. They wasted millions in my country to make a not working e-health system, for a country of like 2 million people. I'm not surprised in the slightest that breaches and fuckups will happen with the large orgs too aplenty. It's absurd, the world we live in.

This is a terrible analogy.

You're comparing a failing bridge to an attack.

These things are not the same.

We did not sue the designers of the World Trade Center because their buildings could not withstand being hit by a plane.