Software engineering takes surprisingly little responsibility compared to other engineering disciplines. This seems like a good development to me.
Of course you can't expect someone who just put something online as a hobby project to take much responsibility. But to ask some basic security/reliability from companies, foundations etc... Shouldn't that just be normal?
The overloaded "software engineering" label can also refer to formal software engineering centered around examples of DO-178C for aviation software, IEC 61508 for railway software, ISO 26262 for road vehicle software, EAL5+ for cybersecurity-related software, etc. It's somewhat unfortunate the label is also applied to CRUD websites and mobile applications; even there, there is a world of difference in the various levels of formal engineering applied.
> CRUD websites and mobile applications
These can be quite intense (but, to be fair, there's a ton of dross there as well). Probably best to avoid the broad brush.
> It's somewhat unfortunate the label is also applied to CRUD websites and mobile applications,
These websites and applications can still have vast security implications depending on what kind of data is being collected.
The advertising industry has done security a huge disfavor by collecting every bit of data they can about everyone's actions all the time. Adding some ad library to your website or app now could turn it into a full-time tracking device. And phone manufacturers like Google don't want this to change, as the more information they get, the more ads they can stuff in your face.
> ISO 26262
This is only about safety. As I told my colleagues in a former workplace: Safety first (that was one of the company's mottos), quality second.
To give an example from my software at work, structural engineering: You make a 3D model (BIM, Building Information Model) of the steel skeleton of some project. The software can then generate 2D drawings, the blueprints. All beams, columns, etc. should be labeled in the drawing with the steel profile and quality (if non-standard).
However the software has a terrible label placement algorithm that happily switches around the labels of adjacent elements. And it does so without notice after some changes to the model. That is behavior that can lead to pretty dangerous mistakes.
The reply of the software company: you have to check it anyway. That is why you get paid, right?
A lot of software is built on layer upon layer of unknown code and black boxed silicon. It is hard to know how that would work in practice.
> But to ask some basic security/reliability from companies, foundations etc... Shouldn't that just be normal?
For SW? No way. For electronic components, yes, for mechanical components, yes, but not for software. It is not cool. Fixing bugs is much, much harder than modifying UI elements (hello Google, Microsoft) with every release.