> if you take the requirements for a PE in other branches of engineering as a guide would probably exclude anyone without the appropriate degrees and other requirements--to have ethical standards.
How would one know one is meeting ethical obligations if they havn't been educated. Password storage, for instance, it's not obvious to many people why plain-text password storage is bad -- it _still_ happens at companies to this very day.
I'm all for people being able to code and do their own work, just like you should be able to build your own shed or house as long as it meets building codes. Maybe we need the equivalent of building codes (except not proprietary). The GDPR and the California Consumer Privacy Act are sort-of the start of that, I think.
>How would one know one is meeting ethical obligations if they havn't been educated.
I probably wasn't clear. Ethics courses should probably be more common (and embedded in engineering curricula more) although they are certainly available.
My comment about the PE is that it typically requires, for example, a four-year bachelors degree in engineering in addition to other requirements. [1] Thus, moving to a more formal professional structure in this manner would basically exclude career shifters, boot camp grads, self-taught programmers, etc.
> I probably wasn't clear. ... My comment about the PE is that it typically requires, for example, a four-year bachelors degree in engineering in addition to other requirements.
I may not have been clear; how do you know you've built a building that fulfills your ethical obligations if you don't know how to determine so? i.e. you're ethically obligated as an engineer to not build something you know (have determined to the best of your knowledge) is unsafe to use, but how do you do that if you don't know how to? (Especially when there are _many_ people who could.)
Basically I'm saying that you can't have (professionally required) ethical obligations without also having the knowledge and ability to fulfill said obligations.
For issues that aren't a matter of life-or-death, like the vast majority of software, yeah, strict licensure is probably overkill and against the spirit hacking.
However, that people aren't licensed EEs doesn't prevent them from tinkering with arduinos or SDRs; they simply can't sell their skills specifically as an electrical engineer.
I think there is some sensible ground between where we are now and not being able to program without a license (which would be a dystopian nightmare). As I mentioned, clear "building codes", better and more comprehensive best practices (e.g. OWASP), and having said things built into contracts or projects designs from the start, not as afterthoughts (i.e. having business take said best practices seriously).
In the building case, you probably won't be the only set of eyes on it.
But to the greater point, I guess the ethical principle is don't do things that can put people at risk if you know you don't know what you're doing--much less put people at risk because you just don't care or want to take shortcuts.
If you think you know what you're doing but don't? I'm not sure how an ethics course or even a license is going to help there. Because you think you're doing things safely. Arguably, you're not even being unethical, just incompetent.
Now, a license is supposed to be something of a guarantee of a minimum level of competency. But it's pretty minimal. After all, it basically just means you do have an appropriate degree, have worked in the field under someone for a few years, and have passed some standardized test. All that suggests you know (or once knew) something about the basics, but not a lot more.
ADDED:
>However, that people aren't licensed EEs doesn't prevent them from tinkering with arduinos or SDRs; they simply can't sell their skills specifically as an electrical engineer.
In at least most states in the US, sure they can. (And in the ones that theoretically prohibit you from calling yourself an engineer if unlicensed, that's almost universally ignored.) I've known tons of people who have worked or work as electrical engineers and I'm sure few of them have PEs. You don't need a PE for most jobs. Though it's probably more common with civil engineering.
I think part of professionalization would include your professional organization having come up with a set of standards for password handling that must be followed under penalty of professional sanction, having those available online and in printed form, and having courses that programmers could take to help them work under those guidelines efficiently.
Programming seems like a job particularly suited for professionalization, simply because programmers have to constantly be learning new things, and that's a thing your local org could provide to keep the lights on rather than relying completely on dues payments. If they were a blanket organization, they could even control supply through raising standards, and could certainly detect wage-fixing collusion easier than individuals.
Having clear guidelines and a place to find instruction that supports those guidelines makes "If you think you know what you're doing but don't?" a pure ethical problem. You either checked or you didn't.
Maybe look to the National Association of Realtors for a framework.
How would one know one is meeting ethical obligations if they havn't been educated. Password storage, for instance, it's not obvious to many people why plain-text password storage is bad -- it _still_ happens at companies to this very day.
I'm all for people being able to code and do their own work, just like you should be able to build your own shed or house as long as it meets building codes. Maybe we need the equivalent of building codes (except not proprietary). The GDPR and the California Consumer Privacy Act are sort-of the start of that, I think.