As the recent global IT outage has underscored, the work of software engineers shapes and impacts our digital and physical realities in increasingly serious ways. Despite their crucial role writing the software code that runs the world, software engineers often lack the professional recognition, authority, and protection afforded to traditional engineers, such as those in civil, mechanical, and electrical disciplines. This discrepancy raises significant challenges regarding quality, safety, and ethical standards in software development. Today, I will explore these differences and advocate for a transformative change in the governance of software engineering, a change that is crucial for the future of our industry and frankly long overdue.
Professional Standards and Accountability
Traditional engineering disciplines operate under rigorous standards and accountability mechanisms. Consider the path of a civil engineer. They must graduate from accredited programs and pass comprehensive exams such as the Fundamentals of Engineering (FE) and Professional Engineer (PE) exams. This licensure, regulated by bodies like the National Society of Professional Engineers (NSPE), ensures they maintain high ethical standards. Licensed engineers have the legal authority to seal and stamp their work, certifying that it meets stringent safety and quality criteria. This seal signifies a binding commitment to public safety and reliability, carrying significant legal implications.
For instance, when a civil engineer signs off on a bridge design, they do so under the strict oversight of professional bodies. If they were pressured to reduce the amount of concrete specified, they could refuse such a request, backed by their professional standards and legal obligations. Deviating from these standards can result in severe legal consequences, including the loss of licensure and even criminal charges. This professional autonomy is critical to ensuring public safety and maintaining the integrity of their work.
In 2018, the collapse of the Morandi Bridge in Genoa, Italy, highlighted the critical importance of these professional standards. The tragedy, resulting in 43 fatalities, was partly attributed to insufficient maintenance and oversight. The engineers responsible for the bridge’s upkeep faced criminal charges, demonstrating the severe consequences of failing to adhere to engineering standards and the accountability mechanisms in place for traditional engineers.
The Path of Software Engineers
In contrast, software engineers, despite rigorous educational paths, typically graduate from programs that lack the same level of accreditation and oversight. Their professional settings are diverse, ranging from developing commercial software products to creating internal applications and services. However, the industry often prioritizes rapid development and cost efficiency over stringent quality and security standards. This reflects a fundamental difference in governance and operational ethos.
Software engineers often face professional powerlessness when directed to compromise on quality, safety, or both. Without the requirement for licensure, software engineers lack a universal governing body to enforce professional standards and ethics. If a software engineer identifies critical security flaws or quality issues, they can be overruled by business decisions. Unlike their counterparts in traditional engineering, software engineers have no professional body to support their refusal to ship unsafe code, often risking job loss without recourse. Lacking this professional agency, software engineers are treated as widgets themselves rather than the accountable professionals that they are.
Industry Practices and Quality Concerns
Business and software management practices further highlight these differences. In the SaaS industry, the emphasis is often on cost-control and rapid development, driven by market pressures and the need for competitive agility. This focus can lead to quality compromises, with software companies potentially sacrificing thorough security, safety, and reliability for speed and cost savings. This approach contrasts sharply with the strict regulatory frameworks governing traditional engineering firms, which prioritize safety and quality above all else. To understand why software engineers have not been similarly regulated, we must examine the history of how traditional engineering disciplines came to be closely governed. The adage “regulations are written in blood” aptly describes this evolution. Many of the stringent standards and professional requirements for traditional engineering disciplines arose from catastrophic failures and public safety crises.
For example, the Great Boston Molasses Flood of 1919, which killed 21 people and injured 150, led to improved construction safety standards and regulations for civil engineering. Similarly, the structural failure of the Kansas City Hyatt Regency walkway in 1981, which resulted in 114 deaths, brought about significant changes in structural engineering practices and building codes. These incidents, among others, underscored the need for rigorous professional standards and accountability mechanisms to protect public safety. As a result, traditional engineering disciplines are governed by stringent regulatory frameworks and professional bodies that enforce these standards.
The Need for Professional Agency in Software Engineering
In contrast, the history of software engineering has been markedly different. Since its inception, software development has often been viewed as an innovative and rapidly evolving field, with a primary focus on creativity and problem-solving rather than life-or-death consequences. Early software development was largely experimental, with fewer immediate and obvious risks to public safety compared to traditional engineering fields.
Despite this historical context, it is increasingly evident that software engineering now plays a critical role in public safety and well-being. Numerous incidents highlight the potential for harm resulting from software flaws. For instance, the 2017 Equifax data breach exposed sensitive information of 147 million people due to a vulnerability in a web application. Similarly, the failure of the Boeing 737 Max MCAS software contributed to two fatal crashes, underscoring the life-or-death implications of software engineering flaws. In 2022, a software error in the systems used by the UK’s National Health Service (NHS) caused a significant outage, affecting patient records and appointment scheduling, leading to delays in patient care, including cancellations of surgeries, and causing significant operational disruptions across the health service.
These examples illustrate that software engineering is no longer a field where the consequences of errors are limited to inconvenience or insurable financial losses; they can directly impact public safety and security. Given these realities, it is imperative to elevate software engineering to the same status as traditional engineering disciplines with the authority and agency to put safety and quality first. This includes establishing professional licensure, rigorous accreditation of educational programs, and robust governance structures to enforce standards and protect public welfare. I am certain that, for every software-based disaster with a material blast radius, there were numerous software engineers voicing concerns about safety, reliability, security, and trustworthiness of software code, only to be dismissed as non-material by the leadership of the organizations they serve.
Advocating for Change
Given the opposition likely to arise from businesses concerned about profit margins, development speed, and market efficiency, it is crucial to address these concerns by emphasizing the long-term market benefits of provable trust. By positioning safety, security, and quality as essential market differentiators, and using well-documented market and organizational failures as cautionary tales, we can shift buyers’ expectations and purchasing criteria. This approach not only counters business objections but also ensures that the market evolves to prioritize the very standards that regulations aim to enforce. After three-plus decades of inaction, it’s clear that only through unifying Engineering authority can we ensure the necessary elevation of software engineering to a profession governed by stringent standards, ultimately benefiting businesses, consumers, and society at large.
Plainly, it is evident that the current authority, agency, and protections available to software engineers is inadequate for the critical role they play. To address this, we must expand existing governance or establish new structures specifically for software engineering. Integrating software engineering into existing professional bodies would involve creating licensure requirements, establishing accredited educational programs, and enforcing professional standards. Alternatively, a new governance structure could be developed, granting software engineers the authority and protection to maintain the highest standards of safety and quality. A potential model for this could be found in the UK’s Institution of Engineering and Technology (IET), which offers Chartered Engineer (CEng) status for software engineers. A similar model has already been adopted in British Columbia, Canada, as “software engineering is a discipline of professional engineering and is regulated by Engineers and Geoscientists BC under the Professional Governance Act”. This legal recognition of software engineering not only validates their expertise but also provides a framework for accountability and professional development. Another potential model could be to ensure that all software designs and controls are reviewed and signed-off by a CEng- or PE-credentialed engineer, even if the actual work of development is delegated to non-Engineer developers.
The time has come to elevate and empower software engineers by aligning their engineering discipline with the stringent standards and governance of traditional engineering fields. By enhancing the quality, safety, and reliability of the software that supports our modern world, we can build a foundation of digital safety, trust, and security. It is crucial that software engineers are granted the professional and legal authority to refuse to release unsafe, insecure, or unsound software. Such changes will improve their professional standing and significantly enhance the safety and quality of software products and services. Believing that no more lives should be risked due to faulty software, we must advocate for the professional agency of software engineers in our society. Together, we can create a safer, more trustworthy digital and (physical) future.
