Please enlighten me on how you've managed to never write any bugs.

Well, not sure DJB posts here, but he has kept it to a minimum.

And this is mostly BS too. People don't write bug free software, they write features.

Other industries had to license professional engineers to keep this kind of crap from being a regular issue.

"Licensed professional engineers" are a software-development myth.

If all our software was as simple as a bridge, then we could have that. A bridge is 5 sheets of plans, 10 pages of founding checks, 30 pages of calculations, 100 pages of material specs. You can read all those in a day. Check the calculations in a week. Next bridge will be almost the same.

Now tell me about any software where the spec is that short and simple. /bin/cat? /bin/true? Certainly not the GNU versions of those.

Software is different because we don't build 1000 almost-identical bridges with low complexity. We always build something new and bespoke, with extremely high complexity compared to any kind of building or infrastructure. Reproduction is automatic, so there will never be routine. Totally different kind of job, where a licensed professional will not help at all.

I hate to be dismissive, but tired old meme is tired.

With what I do I work with a lot of larger companies and get to see the crap they push out with no architectural design and no initial security posture. I see apps with thousands of packages, including things like typosquats. I see the quality of the security teams which are contractors following checklists with no idea what they mean.

Saying that actual professions would make no difference sounds insane to me. Again, to me, it sounds like every other industry in saying 'self regulation is fine, we're special, we'll manage ourselves".

No. Licensed professionals are the engineering checklist people. "Not my fault, wasn't on the checklist, I've used the official approved one".

Licensed professionals checked a dam built by licensed professionals. Dam broke, killed people. Everyone claims to be innocent and the other party didn't read the right reports or didn't report the right problems: https://www.ecchr.eu/fileadmin/Fallbeschreibungen/Case_Repor... It is all just another method of shifting blame.

What really helps more than prescriptive regulation is liability. As soon as there is a strict liability for software companies, things will get better. What could also help is mandatory insurance for software producers. Then the insurance companies will either charge them big bucks or demand proof of safety and security.

> We always build something new and bespoke, with extremely high complexity compared to any kind of building or infrastructure.

Maybe this is part of the problem?

The world of software development is just different. Copying software is a solved problem, it is easy, cheap and totally normal. Whenever you start your software it is going to be copied around a few times. So the trivial "same bridge as last time, just over the next river" doesn't really exist in software. The software world has that situation solved, you get your software plus the (if so inclined) recommended OS and hardware to run it on, install it and you are fine. You can do it 1000 times over and verify that things are the same. You can even do it automatically. You can do it 1000 times over on different hardware, just rerun the test suite if you are paranoid, done. This is the level of triviality that is solved by licensed engineers when doing bridges.

Now in a few years, when maybe 3D-printing for buildings takes off, all that "fun" that is now bespoke software development will also arrive in architecture. THEN things will really be ugly ;)

Didn't say that. But I can't blame the ones publicising the bugs we put in there.