Hot take: just like real engineers, there should be a Software Engineer licensing exam that's legally required before you can handle PII ... because this is the alternative.
Before I was allowed to hand out juice cups at my kids' preschool, I had to do a 2 hour food safety course and was subject to periodic inspections. That is infinity% more oversight than I received when storing highly sensitive information for ~10^5 users.
A few European countries' "masters of computer science" is just a normal "engineering" degree with a focus on software for any speciality credits. I can call myself an "engineer", even though my software profession does not value the distinction.
Though I'm sceptical it would help. API design is generally not taught in university courses, and perhaps shouldn't (too specific).
I instead feel that GDPR has already done a lot of heavy lifting. By raising the price of "find out", people got a bit more careful about the "fuck around" part. It seems to push companies to take it seriously.
Step two is forcing companies to take security breaches and security disclosures seriously, which the CRA (Cyber Resilience Act) may help with... at the cost of the swamps of bureaucratic overhead that are also included, of course.
I mean, do you trust that the chemical industry will self regulate and keep dangerous chemicals out of your drinking water?
Then why do we trust software companies to keep you and your data safe?
We will get more regulations over time no matter how much we complain about it because people are rather lazy at the end of the day and more money for less work is a powerful motivator.
Ye. It's unfortunate that companies cannot responsibly do the proper thing on their own.
Though I wanna raise that, CRA may be an unfathomably high bureaucratic load on software companies. If it were just about security disclosure, it would be quite manageable.
As it is formulated in its current form, CRA sets the general software development industry... to the current industrial automation and automotive standards; which is absurd.
Your comment should be the top post in this thread. Unfortunately, there is a group of HN readers who downvote all comments that suggest we (software developers) should be licensed, even though plenty of other fields require it.