I agree that regulation might point you in the right direction, but if the company is not committed to quality, I think it's very hard (and unlikely) for regulation to make the company change its bad habits. What I've seen is regulation stifling change, freezing projects, and creating more bureaucracy.
In the particular company I work for (financial sector), there has been an increase in regulation and auditing of security practices. They're still really bad; you've seen endless posts here decrying the awfulness of some banking security practices. The worst thing is, they've probably been audited and made to pass some kind of regulatory standard, and the very fact they had to go through all that makes it harder to change (even if they're awful) since management isn't willing to authorize it, especially since it doesn't affect the bottom line.
If more people have to resign (like the Target CEO), maybe things will change, but I suspect IT people will become scapegoats instead.
Agree that you have to actually be committed to improving the quality, you can't paper over holes in this and expect good results. If there is genuine disinterest at the management level in making better quality software for whatever reasons, you're probably screwed regardless of what you try.