imo this is sold as "keeping people safe", but in practice it's really a gatekeeping grift that increases friction and prevents growth.
Why don't you want the software engineer building your pacemaker or your medical CRM (or any other job where your immediate security is engaged) to have the same kind of verification and consequences for their actions?
It's fine to set up voluntary standards and choose surgeons you think live up to those.
So we want to enable more people to be able to create, for example, pacemakers because of things like Linus's law: "Given enough eyeballs, all bugs are shallow". If we exclude "non-professionals" from the process of creating "professional" products, we tend to have less participation in the process of innovation and therefore get less innovation.
Why shouldn't any self-taught "software engineer" be liable for damages they caused due to negligence? If we had to sign off on builds of critical components (like a pacemaker, to stay with the analogy), there would be way more pushback against malpractice in the development process. Of course not all software projects require that level of rigor, but for medical stuff, and I'm sure a lot of other fields, it should be mandatory to have at least one qualified engineer who is ultimately responsible.
2. Pacemakers and other medical devices have to get approval from the government. So that's covered.
Medical CRM software is covered by medical privacy laws, which do what you say you want (criminalize "bad" software) but in reality are a giant set of rules, many idiotic, that make health care more expensive for no benefit at all.
That said, the reality is that this safety comes at a cost, both monetary and in terms of "gatekeeping." And many people would be fine (on paper) increasing risk by 0.05% in exchange for a 20% cut in costs or allowing disruption of established entities. But those 0.05% degradations add up quickly and unexpectedly.