Borges warned in the complaint that if this information were compromised, “it is possible that the sensitive [personally identifiable information] on every American including health diagnoses, income levels and banking information, family relationships, and personal biographic data could be exposed publicly, and shared widely.”
The complaint said any compromise or unauthorized access to the database would have “catastrophic impact” on the U.S. Social Security program, describing a worst-case scenario as potentially having to reissue everyone’s Social Security numbers.
Software engineers really need a version of a PE to mitigate this hellscape. That, and systems like this need a tech equivalent of building codes.
Software engineers are an out-of-shape bunch and definitely need physical education, but I’m not sure how that’d help with bad security practices.
Didn’t know the jargon, but I totally agree. It is absolutely wild that you can graduate with a CS degree and immediately start working on the largest computing systems known to man without having ever taken a security course or ethics course, studied software engineering disasters, or passed any kind of competency exam.
any version of PE should be revised to include more firm accountability. PE laws are as much about setting up liability scapegoats as anything. the scale of these systems is such that any one individual or small group of culpable individuals isn’t capable of responsibly covering the liability for their decisions. individual PE liability is good for malpractice and whatnot, but the companies that own and derive the majority of the surplus value from building and owning these systems need to be more on the hook too. failing that, PE rules just turn into a way to shunt liability from the company to the individual while retaining profits