by wfo
3335 days ago
It is, and they are. There is a wide variety of governmental standards programmers have to follow in a wide variety of industries (healthcare, education, banking, defense/military, etc.) and programmers manage not to bribe their way into total control of the government because being a good citizen is too hard. Having regulators with interests that diverge from people in industry is exactly the point; the things they are doing are often dangerous, reckless, and careless. It does not matter if it's "standard industry practice" or part of the "byplay common in the industry day-to-day". In fact it's crucial that regulators ignore this; we didn't particularly care that it was commonplace to put asbestos or lead in products when it started killing people, we just stopped it. I don't care if it's "commonplace in the industry" to hash passwords with MD5 and leave a telnet port on the database server open to the Internet. It should be criminal because of how careless it is with people's personal data, and I wish there were more regulators in the IT industry to come down on people who do it.