Professional bodies act as nothing more than gatekeepers and rent seekers for things of this nature. Anyone can write software, but not everyone writes security-minded software.

We already have laws in place, and certifications that help someone understand if a given organization adheres to given standards. We can argue over their validity, efficacy, or value.

The infrastructure, laws, and framework exist for this. More regulation and bureaucracy doesn't help when current state isn't enforced.

There’s a reason why many professions have professional bodies and consolidated standards - from medicine to accountancy, actuarial work, civil engineering, aerospace, electronic and electrical engineering, law, surveying, and so many more.

In most of those professions, it is a crime or a civil violation to offer services without the proper qualifications, experience and accreditation from one of the appropriate professional bodies.

We DO NOT have this in software engineering. At all. Anyone can teach themselves a bit of coding and start using it in their professional life.

Analogous to law, you can draft a contract by yourself, but if it goes wrong you have a major headache. You cannot, however, offer services as a solicitor without proper qualifications and accreditation (at least in the UK). Yet in software engineering, not only can we teach ourselves and then write small bits of software for ourselves, we can then offer professional services with no further barriers or steps.

The mishmash of laws we have around data and privacy are not professional standards, nor are they accreditation. We don’t have the framework or laws around this. And I am not aware of the USA (federal level) or Europe (or member states) or China or Russia or India or etc having this.

For example, the BCS in the UK is so weak that although it exists, exceedingly few professional software engineers are even registered with them. They have no teeth. There’s no laws covering any of this stuff. Just good-ol’ GDPR and some sector-specific laws here and there trying to keep people mildly safe.

> There’s a reason why many professions have professional bodies and consolidated standards - from medicine to accountancy, actuarial work, civil engineering, aerospace, electronic and electrical engineering, law, surveying, and so many more.

Professional bodies = gatekeeping. The existence of the body means that the thing it's surrounding will be barred from others to enter.

It means financial barriers & "X years of experience required" that actual programmers rightfully decry.

Caveat: When it comes to anything that will affect physical reality, & therefore the physical safety of others, the standards & accreditations then become necessary.

NOTE ON CAVEAT: Whilst *most* software will fall under this caveat, NOT ALL WILL. (See single-player offline video games)

To create a blanket judgement for this domain is to invite the death of the hobbyist. And you, EdNutting, may get your wish, since Google's locking down Android sideloading because they're using your desires for such safety as a scapegoat for further control.

https://keepandroidopen.org/

> We DO NOT have this in software engineering.

THIS IS A GOOD THING. FULLSTOP.

The ability to build your own tools & apps is one of the rightfully-lauded reasons why people should be able to learn about building software, WITHOUT being mandated to go to a physical building to learn.

To wall off the ability for people to learn how computers work is a major part of modern computer illiteracy that people cry & complain about, yet seem to love doing the exact actions that lead to the death of computer competency.

Professional bodies are a necessary form of gatekeeping for practicing the craft of software engineering professionally.

You are then bringing a whole host of other issues that are related in nature but not in practice:

* Locking down of Android ecosystem
* Openness of education
* Remote teaching
* Remote or online examination

etc.

Professional bodies don't wall off the ability to learn nor to tinker at home, nor even to prototype or experiment (depending on scale and industry).

You can't confuse all these issues into one thing and say "we don't want this". It's a disingenuous way to argue the matter.

> There’s a reason why many professions have professional bodies and consolidated standards

imo this is sold as "keeping people safe" but in practice it's really a gatekeeping grift that increases friction and prevents growth

You don't want some gatekeeping on who will be doing surgery on you? You do obviously, and medical malpractice is a good thing if there is a problem.

Why don't you want the software engineer building your pacemaker or your medical CRM (or any other job where your immediate security is engaged) to have the same kind of verification and consequences for their actions?

It's mostly the problem of required regulations, so no we don't want mandatory gatekeeping on surgeons as this is for example leading to doctor shortages

It's fine to set up voluntary standards and choose surgeons you think live up to those

So we want to enable more people to be able to create for example pacemakers because of things like Linus's law, "Given enough eyeballs, all bugs are shallow". If we exclude "non-professionals" from the process of creating "professional" products, we tend to have less participation in the process of innovation and therefore get less innovation

But there is already mandatory gatekeeping of surgeons? They went to medical school for so many years, and they are liable to malpractice if they don't do their job correctly. Engineering is the same. They sign building plans with their names and may be liable for damages caused by gross negligence.

Why shouldn't any self taught "software engineer" be liable for damages they caused due to negligence? If we had to sign off builds of critical components (like a pacemaker to stay with the analogy), there would be way more pushback against malpractice in the development process. Of course not all software projects require that level of rigor, but for medical stuff and I'm sure a lot of other fields, it should be mandatory to have at least one qualified engineer that is ultimately responsible.

1. 99.999999% of software is not equivalent to "doing surgery" so doesn't need gatekeeping. I work on free, open-source PDF reader SumatraPDF. What kind of authorization should I get and from whom to ship this software to people?

2. pacemakers and other medical devices have to get approval from the government. So that's covered.

medical CRM software is covered by medical privacy laws which does what you say you want (criminalizes "bad" software) but in reality is a giant set of rules, many idiotic, that make health care more expensive for no benefit at all.

Adulterated food products, shoddy construction that burns like paper or crumples in an earthquake, snake oil medicine, etc. are well attested in underdeveloped nations and in history at scales far above what we see in societies with the kinds of professional bodies we’re talking about.

That said, the reality is that this safety comes at a cost, both monetary and in terms of “gatekeeping.” And many people would be fine (on paper) increasing risk 0.05% in exchange for 20% cut in costs or allowing disruption of established entities. But those 0.05% degradations add up quickly and unexpectedly.

Equating gatekeeping of professional bodies with grifting suggests you have no experience of why we have professional bodies in medicine or accountancy or civil engineering (to give just a few examples).