> We're still figuring all this out.
The defining feature of engineering as a profession isn't how much we collectively know about it, it's the attitude we bring into day-to-day practice.
Take something like the Sony BMG rootkit scandal[0]. Anybody with an ounce of sense and even basic technical programming knowledge could tell the sort of security issues that that piece of software could lead to. Shipping that thing was the sort of recklessness that would get you stricken from any industry's professional body.
Or maybe something like the UK's Post Office scandal[1]. One of the issues there was that post offices sold foreign currency. People were accused of (and actually jailed for) fraud because their branch sold $100, there's £70 in the till, and the reconciliation process says that the exchange rate is $100:£80, so there's £10 missing. Horizon had no way to track that the exchange rate at the time of the transaction was $100:£70, they literally shipped a billing system that handles ForEx but doesn't understand exchange rates change over time. And then they lied about it and said the software was working correctly! This isn't an issue with "revolutionary new tech" that we don't fully understand, it's simply a fruit of having an accounting system designed with no actual accountants in the loop. If an accountant had made this exact same mistake, their licence would almost certainly be revoked, but it's somehow ok because computers are involved?
> If so, then maybe we can talk about getting bureaucrats involved to make up a bunch of rules and regulations to control everybody
We don't need "a bunch" of rules and regulations. We only need one: You're liable for damages resulting from reasonably predictable outcomes, as judged by a panel of your peers.
0. https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...
1. https://en.wikipedia.org/wiki/British_Post_Office_scandal
On the one hand, the developers who were ultimately tasked directly with building Horizon were completely unqualified to write an accounting system, and lacked even basic knowledge about accounting in general, including fundamental misunderstandings about the very nature of double-entry and ledger-based accounting. From what I can remember from released correspondence, for example, Horizon had fundamental design mistakes that made it essentially not double-entry, particularly when multiple terminals were involved, even when not considering remote changes to accounts.
On the other, the severity of the consequences of the bugs in Horizon came from the behavior of Fujitsu management, the Post Office, and the judicial system, and I'm not sure that individual developers could have reasonably predicted that. The software was used under contracts that tried to make individual users personally liable even for shortfalls resulting from errors in the software. When accounts had shortfalls, the Post Office ignored even basic sanity in favor of insisting on Horizon's unerring accuracy. They abused esoteric powers of private investigation and private prosecution combined with their own vested interests to bring completely unreasonable prosecutions. They, along with parts of Fujitsu, repeatedly made false statements to courts about Horizon's basic operation, if often with enough distance from the actual developers to claim ignorance. The judicial system then operated under delusional and hubristic views on software development and practices around experts, witnesses, and coerced pleas that one might argue no reasonable person would have.
If a clearly negligent and unqualified engineer constructs part of an office building for a business with numerous avoidable tripping hazards that violate even basic standards, it seems reasonable that they might be liable for the injuries when employees trip on them. If it turns out that the business has a special right to shoot its employees with no consequences, decides that it would be better to shoot anyone who trips rather than admit to the building being fundamentally flawed, and then repeatedly has courts approve of its actions, I'm not so sure that the engineer should be held liable for mass murder.
That would put full blame on the tech staff and let the C-suite get away. The success of a software product is measured by sales and user base, so the more successful their sales and marketing are, the higher the damages will be for the tech staff.
I am of the opinion that companies and their management should be personally liable for damages caused by bad software, not their employees. They created the structure, hired everyone (and perhaps didn't hire QA), and invested in it to make a huge profit.