by seanw265 545 days ago
I was thinking less about self-imposed code reviews and more about regulatory frameworks—principles borrowed from architecture and construction, like mandated documentation, reviews, and inspections.

There's some precedent for this: software in medical devices faces strict regulations after incidents like Therac-25.

While most software might not carry the same life-or-death risks, data breaches are increasing in frequency and impact. We should at least be thinking about how we can improve our processes as an industry.

2 comments

> I was thinking less about self-imposed code reviews and more about regulatory frameworks—principles borrowed from architecture and construction, like mandated documentation, reviews, and inspections.

This exists in automotive, cf. ASPICE. And even more extensively in aviation.

And no, it doesn't help fight sprawl much, sadly.

The HN crowd is mostly web and mobile and unaware how broad the software field is, even though software in safety-critical applications of course predates both.

Given that it takes medical devices billions of dollars in testing to get to market, this is a great way to just crush technology entirely. And even so, the FDA is recognizing the error of some of its ways and lowering the barriers to entry for things like hearing aids.