undefined

points

by datsci_est_20154 hours ago|

[-]

> I don't think we should ever head toward licensing/a credential body for software development, but I do think now is a good time to have discussions around liability for defective products.

Liability is how a credential body would organically grow. It already exists in the security, compliance, and enterprise parts of the software world.

by inigyou2 hours ago|

parent|

[-]

That can be okay. The problems we're worried about come when it's government mandated.

The EU Cyber Resilience Act puts heavy liability on vendors for software vulnerabilities that get exploited, including in open-source components they incorporate. OSS devs are shielded - liability is on the companies who incorporate OSS into commercial stuff.

by datsci_est_20154 minutes ago|

parent|

[-]

In practice, what’s the difference between a government mandated license and a government that quickly rules in favor of parties who are damaged by companies that don’t use licensed software engineers?

E.g. “Your software caused serious damages to our company / livelihood, and you best hope that it turns up in discovery that you used properly licensed software engineers who were following licensing best practices, otherwise this will be a slam dunk case.”

Genuinely an interesting question to me. Seems like the latter is a better option, generally, but it does lock restorative justice behind a paywall - you have to be able to afford a lawyer.