[Tallasatree]

Architect here: from the outside looking in, you hit the nail on the head. In addition to The industry being so young the _relatively_ low-impact when bad things happen make things like this 'not a big deal'. When your mistakes result in a public outcry for a day, then fades into obscurity into the night, why change? why invest money into figuring out a better way?

When your mistake makes a building fall over...well, there's a reason why that almost never happens.

[keithnz]

I don't think this is quite right. Most buildings don't get all their design parameters tested in reality. But say when there is an earthquake, and the building collapses and you find that various checks and balances in the design process went wrong. I know here in NZ where we have had a number of significant earthquakes all kinds of known and unknown things have been discovered about buildings, either ones that have ended up killing people or ones which now are condemned because things played out differently than the designers thought they would

[Tallasatree]

Speaking about America, almost everything in a building beyond aesthetics is designed to a CODE MINIMUM. from the hangers that hang the ACT ceiling all the way, and especially to, the structural system. These systems have been designed and tested ad nauseam to provide minimum life safety standards. People in any industry can cut corners and screw up. Special situations can arise that surpass a minimum level standard (Fires started at every exit door, 9.0 earthquake...good luck) The forest you're missing through the trees here is the structured process that forces designers in a mature industry to design to a minimum agreed upon standard. Ironically, I'm highlighting the benefits of regulation...where it makes sense.

the forest I might be missing through the trees is that maybe there is an industry agreed upon standard within the Tech industry. My understanding is almost all of these breaches happen because comically silly mistakes (pw = password), not super high sophisticated attacks.

[keithnz]

same with NZ, which has pretty strict codes as we are sitting at the junction of 3 tectonic plates. Regulation including inspection is great, and generally works great, but until you get an earthquake, you really don't know if all the checks and ticking of boxes actually did its job. Microsoft and others likely catch multiple problems through checks, but occassionally a perfect storm happens and things break down. You then adjust your "regulations" to cover any short comings (hopefully). The entire planet you are missing through the forest is that all buildings aren't constantly "penetration" tested to find where they have problems. A quick search shows that USA suffers from many live deployed buildings that have been shown that they don't meet compliance. By Engineers that should've known better....