by qchris 725 days ago
I sometimes think that situations like this are eventually going to lead to legally-required professional licensing for certain tasks in software development.

Obviously, not everyone who writes code needs a development license (what, I'm going to get licensed to write a blog or put up a site with fruit jokes?), but if your business is going to involve personally-identifiable information, then you need actual engineering, and the folks that do that engineering need certification. This is a similar mechanism to how engineering licensing even started (in the US anyway), where Wyoming basically got tired of water infrastructure being built by people who didn't know what they were doing.

Licensing could also help provide individual engineers with leverage against managers or C-suite folks who want to move fast & break things. When you're in a professional class with exclusive sign-off capabilities, it's easier to say "we have to do this right or it's my ass, back off" and should the company say "fine, you're fired", go ahead with managing the PII, and a leak like this happens, the company's liability goes way way up. That situation overall tends to improve the leverage that skilled workers (like those who know about database management for PII and endpoint configuration) have to do things right. There's a number of pitfalls that can happen with licensing as well, but I'd be curious to see if a push for something like this emerges over the next few years.

7 comments

> Obviously, not everyone who writes code needs a development license

That's actually a very likely outcome. The startling statistic is that roughly half of professions require occupational licensing. In some places, you need licensing to become a florist. In several states, being an interior designer or a gas pump attendant requires a permit. Software engineering is an absolute outlier as far as highly-paid jobs go.

I don't think this is right, but that's the world we're living in and we should stop fooling ourselves. There's a lot of SWEs who are talking about wanting some helpful, laser-focused regulation. Well, it's coming wholesale, and a fruit joke website is not going to be exempt.

There’s already regulation affecting SDLC practices in the financial industry (SSDF in the US, DORA in the EU).

Definitely not a stretch for other (“important”) areas to start receiving such attention in the future.

So we can look at the software they produce and see if it's better. From what I can see they suck at it. There was that error where Citibank sent hundreds of millions to the wrong guys and that was totally due to software designed like a monkey did it.

Freaking nightmare with this licensing crap. But if you'll let me run a licensing company and make mine the compulsory one that everyone has to use I'm good for it.

I'll call it Certified Software Engineer LLC.

The real value of licensing is enforcing liability, not that licensed professionals are necessarily better. With florists/stylists etc it’s more rent seeking than actually needed, but again… think of bridges.
Indeed. Here's an example of licensing: https://x.com/QuinnyPig/status/1806150889562054804
That's the dystopian situation which Richard Stallman envisioned in "Right to Read". Do not want. I'd rather have these periodic gaffes than the alternative.
There's "right to code" and then "right to read," and these are different. Engineers have these sorts of licencing requirements because we don't want bridges to collapse. Doesn't stop people from tinkering with engineering on their own or even working as engineers in certain roles.

When it comes to handling private data like medical records, driver's licences, etc. -- yeah, I'd be in favour that companies over a certain threshold have to hire licensed coders for these tasks. It may be a loss of freedom for a few specific coders, but it'd be a benefit to everyone else's privacy.

Licenses of this kind would be a huge waste and if so, you would need to certify management, which likes to skimp on security. For engineers you either have special training or you accept the degree. Government cannot do much more.

And no license will give you leverage towards the c-suite.

In the optimistic case the future won't require any of this licensing because there won't be private information to steal. There are solutions for identity verification without including scans of actual documents. Maybe smartcards will come out in the US at some point.
And then there'll be even more offshoring.
I'd be all for it if it finally gets the industry past all the stupid leetcode algorithm interviews.
If engineering licensing organisations were in charge of hiring, the leetcode questions would be replaced with UML-diagram-drawing questions.
"secure this code against mitm attacks"
But there are already regulations and companies with their executives are being held accountable against it. Does it matter how many badges the person designing the system is wearing if it complies with regulations and passes an audit? The problem with leaks to me looks like more of the nature of lax enforcement and few consequences when found in the wrong.