>why not put the devs and sysadmins in prison if they didn't follow them

So we should start treating them like licensed engineers... Actually I agree with this.

reply
This is a bit too far to put the onus on devs for security, and the comparison is more like apples to oranges with other regular licensed engineers. It's hard to justify ROI on security; if anything, it makes it harder to roll out features with more traction.

In the absence of any fine, most companies are comfortable with a bit of reputation damage.

reply
When the Minneapolis bridge collapsed there were no criminal charges involved. HN has this obsession with "licensed engineers" as if it completely prevents catastrophe and holds people to the highest standards. It's just a dog and pony show.
reply
I mean, 40 years is a bit longer than the garbage we're making lasts.

And software holds people to exactly zero standards and it shows.

reply
Accountability needs to start at the top. To allow a system where some underling is a liability blind for the top is to set up a system ripe for abuses of power.
reply
No problem. We can have AI do it.

And the side benefit is that we could summarily execute one every once in a while for failing to write secure code.

reply