>There are many industries that are very competitive and full of small companies and have regulations, but what most commonly happens in those cases is that the regulations are rarely enforced which nobody much minds because the competition is preventing abusive practices regardless.
Again I don't think this is true at all. Some counter examples: restaurants, electricians, general contractors, engineering firms, beauty salons, and tanning salons.
>None of those things happen at scale. When a doctor makes a mistake, it affects one patient. A single security vulnerability can affect millions of people.
A single bridge failure can affect an entire city, and a large building collapse could cost billions in payouts--yet engineering and construction firms can and do buy insurance to cover these things.
Magnitude isn't a problem here, even insurance companies buy insurance from larger insurance companies.
>It's also a poor thing to try to insure because the main risk factor is code quality but insurance companies are generally not equipped to evaluate that.
Insurance companies are able to evaluate risk factors for every industry--they are better able to evaluate risk than anyone else, and it's not like they wouldn't hire domain experts.
There's nothing special about software in this regard--it's a complex system, but the insurance industry regularly insurances against damage resulting from far more complex systems than software--weather for instance.
I'm not sure if requiring router manufacturers to buy insurance would lead to a net benefit or not, but the problems you're creating have already been solved by other industries. There's nothing magic about software that makes it impossible to insure.
Again I don't think this is true at all. Some counter examples: restaurants, electricians, general contractors, engineering firms, beauty salons, and tanning salons.
>None of those things happen at scale. When a doctor makes a mistake, it affects one patient. A single security vulnerability can affect millions of people.
A single bridge failure can affect an entire city, and a large building collapse could cost billions in payouts--yet engineering and construction firms can and do buy insurance to cover these things.
Magnitude isn't a problem here, even insurance companies buy insurance from larger insurance companies.
>It's also a poor thing to try to insure because the main risk factor is code quality but insurance companies are generally not equipped to evaluate that.
Insurance companies are able to evaluate risk factors for every industry--they are better able to evaluate risk than anyone else, and it's not like they wouldn't hire domain experts.
There's nothing special about software in this regard--it's a complex system, but the insurance industry regularly insurances against damage resulting from far more complex systems than software--weather for instance.
I'm not sure if requiring router manufacturers to buy insurance would lead to a net benefit or not, but the problems you're creating have already been solved by other industries. There's nothing magic about software that makes it impossible to insure.