Do you blame the dev? Do you blame the HR system that hired them? How about the manager that pushed them too much? What about his manager? Is it the VP of IT's fault, even if he didn't know the technical specifics? Nothing is any one person's fault. Blame is a stupid waste of time.
At some point we will sit down and recognize that calling programmers "engineers" was a mistake. True engineers make guarantees within clearly specified limits and take on liability for those guarantees. Modern technology companies claim many things while owning little, if any, responsibility.
For starters, the whole 'NOT FIT FOR ANY PARTICULAR PURPOSE EVEN THOUGH YOU PAY FOR IT TO DO THESE SPECIFIC THINGS' contract thing needs to go die.
WRT engineering- if someone walks into a production cell and a robot swings and hits them in the head, guess who generally gets the blame in an investigation? The group that somehow didn't put safety scanners or a cell wall with door interlocks or didn't use safety-rated equipment.
There's a big difference between "guys, please get out of the way before I make the bot move" and "guys, I can't make the bot move until you're out of the way and the door is closed and latched" and worst-case scenario, that difference can be any number of human lives.
Surely things can improve, but it'll take time, dedication, and sucking it up and rewriting legacy code and probably being slower at pushing features out. (Keep in mind this isn't a universal guidebook- and should mostly be for companies that create software and infrastructure that is or can be life-critical.)
I agree, although I also think civil engineers who miss things (Elliot Lake mall collapse, for example) are mostly just scapegoats and don't deserve to shoulder so much of the blame.
This is what I was thinking with my comment. I don't like the idea of being liable for software I make. I love that the MIT license has a clause saying whatever happens to your computer is not my fault. It's comforting when you're just trying to share something.
But.. there are certain classes of software that I think should be written differently.
I feel like we made a lot of bad decisions. There should be a completely separate stack for hospitals, power plants, etc., including a custom operating system. Why is Windows running on every machine? Isn't this a national security issue at this point?
>"Why is Windows running on every machine? Isn't this a national security issue at this point?"
Because for better or worse people make their choices and who are you to tell them what to run.
Infrastructural software - sure there should be some kind of security certification. this probably will not help much. Switches and routers are not running Windows and are still being attacked and crippled. Or consider the Stuxnet.
