> Medicine has incredibly rigorous engineering processes (...)

You're confusing with mechanical engineering applied to medical devices with medicine.

It's like claiming bakeries have incredible rigorous engineering processes just because mechanical and industrial engineers design devices and automate processes.

Not the same thing, is it?

> See: ISO13485, IEC60601, QMS, etc

You're just pointing to standards that engineers working on specialized devices need to comply. One covers quality assurance and the other is focused on specialized electrical equipment.

That's true, those are merely popular examples of how engineering is done in med device, and not specific to the software side, though there are standards and guidance documents for specific fields. I didn't want to get too off in the weeds. But to be a 13485-compliant device developer, you need to have a competent requirements-driven, verified and validated development cycle, release process, and a complete design history with traceability all throughout, so you can immediately link problems to the actual components that caused them.

As an analogy, it takes the bill-of-materials approach done by popular package managers and makes it a whole lot more rigorous.

I do this, and it's a little onerous, but it's mostly just half-decent engineering. E.g. every commit has a ticket; every ticket has clear test criteria and a requirement to link back to (also a ticket, sometimes), every PR has a reviewer, every PR is tested by someone, every release knows what commits it has in it. Most of it can be done by Jira (or similar) and Git, and a fairly normal process. Not a Amazon-style 1000 changes a day sort of process, but still.

> But to be a 13485-compliant device developer, (...)

Those would be engineers, mainly mechanical engineers or electrical engineers.

I find that it’s more popular to pontificate about what it means for software to engineered to a high standard. That sorta rest on ignoring the fact there are localized fields where we know how to do it. People want to talk hypotheticals rather than go see how we do it.

We know how, it’s just slow, expensive and the tooling isn’t some fantasy perfect environment where safety and effectiveness is already built in and developers just do the business logic.

Do we know how? When I look at things like ISO 26262 I see an attempt to use poor tools to cobble together something barely adequate with the expenditure of an enormous amount of human labour. The results are nothing to write home about.