(no title)

Jail time for bugs that should have been preventible and caused harm to users. Mistakes and bugs happen, but we also have methods of mitigating them. Standards, quality controls, tests, analysis, and other care. I specifically said jail time for gross negligence because that means not taking care and allowing harm to users.

If you had an error that leaked private information, it's worth an investigation. If it made it through despite controls, that's understandable. If they find you failed to do analysis on the risk to users privacy, if you failed to have controls in place, if you didn't code review or test the code, then you have made specific choices that harmed users. That should be criminal.

We need to take software engineering seriously as a discipline. We have the potential to do more wide scale aggregate harm than any structural engineering collapse. We need to start acting like it.

Nobody said jail time for bugs, and phrasing that way is intentionally obscuring the debate. Gross negligence is an entirely different standard than just software bugs.

But why do financial services bugs garner a higher penalty than one that exposes private photos? This is an argument for regulation.

> Security is important but it this was the standard I'm not sure that any company would still exist.

This is true and it's also the reason why there are more software vulnerabilities than necessary. Software could be a lot more secure. There will always be bugs, but its is possible to build software and platforms with many fewer vulnerabilities. But it's expensive, so we don't, and users suffer the consequences while the companies shrug their shoulders and count their money.