This is a very serious matter, but this article omits some important points.
There must be laws and regulations which require every organization handling sensitive information (not only financial institutions and the like) to have sufficiently secure computer systems.
And there must be regular audits of the latter.
Software engineering must be regulated in a manner similar to civil engineering and electrical engineering with respect to reliability, safety, and security.
From the BBC:
Vastaamo hack: My darkest secrets were revealed to the world
<https://www.bbc.com/news/articles/c62nzxqw45eo>
"Software engineering must be regulated in a manner similar to civil engineering and electrical engineering with respect to reliability, safety, and security."
@octade wrote:
«I believe that the U.S. military tried to do this with the Ada programming language. It seems they had a goal to make everything auditable and verifiable.»
Right.
This is an important point.
Indeed the whole story of Ada (now approaching half a century!) is a valuable case study (for one's Unlimited Free Time ™ 🙂).
Not all milk and honey, of course.
But the military know how to take care of their technologies.
Maybe it is clear and redundant to say:
my concern is about civil applications of software engineering.
"Hey, you are making too many different versions of the same thing that do the same thing and with a zillion different unnecessary interfaces and ways to all accomplish the same job. Stick to a simple interoperable scheme that can be audited against a standard."
Many years ago I used to troubleshoot dialup modems. Modems varied wildly in their firmware and AT commands. This caused wild variation in device drivers. And most of that variation was unnecessary. It caused a lot of busy work and wasted time.
A modem should not be a modem. A modem should be a specification. Then devices should be designed strictly around the specification. Apply to all other hardware devices, operating system primitives, boot system primitives, compiler logics and routines, then wash, rinse, repeat ... and things would move closer to an infrastructure that can be strictly audited regardless of the particular implementation.
Anyway consider this a fantasy rant. I don't see it ever happening.
Yes, this is one aspect of this big matter.
Other aspects are, for example, the regulation of manufacturers' responsibilities and regulations about required qualifications to be a software engineer.
I believe that something like this will happen if and when there are acutely bad consequences of a software failure or too many chronically bad consequences accumulate.
