by wil421 2762 days ago
I agree we should hold companies accountable for every one of your hackables. Broader and faster moving regulation is probably needed in the US around basic software and networking security.

I absolutely disagree with the OP about holding individual software engineers responsible and even banning them from ever working in software engineering again. Engineers take orders from management and executives. Even with the loudest protest possible they are often shut down by higher-ups. Sometimes the noisy engineers are replaced by more docile yes types or shunned.

2 comments

I was a structural engineer (EIT) once. I pushed back against a manager that wanted to do something that I knew for certain would degrade the structural capacity that the design engineer had planned for. He could have fired me but it would have made the news if he did because the public has trust in the individual engineers that design our buildings and civil works.

We need the same for software. It doesn't mean mistakes never happen. Mistakes happen even with the best of intentions by the smartest people. We don't blindly strip engineers of their livelihood. Only when an engineer has shown gross incompetence or carelessness or repeated poor judgement does that happen.

> I absolutely disagree with the OP about holding individual software engineers responsible and even banning them from ever working in software engineering again. Engineers take orders from management and executives. Even with the loudest protest possible they are often shut down by higher-ups. Sometimes the noisy engineers are replaced by more docile yes types or shunned.

Both companies and individual software developers should be held responsible.

Professional ethics dictate the behaviour of professionals in almost all fields. Software developers love to use the term engineer, but all other professional engineers have strict professional ethics codes. They usually require evidence of competence, which can be revoked, and require that professional engineers must refuse orders or instructions that they know or reasonably suspect are unlawful, could cause harm, or for which they’re not competent to carry out. If their superiors insist, they must refuse, to the point of termination or resignation.

When a professional engineer makes an honest mistake, they are not prohibited from working (unless it stems from extreme incompetence). However, where they are negligent, they are, usually pending remedial training and assessment. They can be additionally criminally responsible where their negligence causes harm.

I believe the same should be true of software developers. It would create a sustainable incentive structure, where good developers (who are already rare and in high demand) could refuse unlawful or unethical instructions on the grounds that they would be personally responsible. It would also allow technical leadership to make a stronger business case for developing secure, lawful, ethical software.

I also think computing is a human right, and anybody should be allowed to write software. Professional standards and ethics should only apply to the development of software that could affect human life, safety, or privacy.