You can also overstate how much engineering generally is about rigorous processes and theoretical correctness as opposed to heuristics and empiricism.
I don't actually disagree with your general point. But there are plenty of examples of civil engineering project failures because of defective materials and the like and there are established practices in many areas of software.
I've worked in engineering outside of software--and was even on track to get a PE--and a lot of that was pretty ad hoc.
OTOH, Heartbleed had as much to do with critical open source code being maintained by someone who was basically doing on a shoestring via donations as a lack of software engineering processes in general.
It's not so much Heartbleed; I agree, that was kind of sui generis. It's just the more general sense in which our field has no guardrails to prevent people from opting for faster/cheaper time to market at the expense of security and reliability. Everyone in this industry is constantly drilling holes through the support beams and hanging whole new floors off them; the buildings collapse every week, and we just shrug.
I'm not even saying things must necessarily change. I'm just making the case that what we're doing isn't engineering.
I don't actually disagree with your general point. But there are plenty of examples of civil engineering project failures because of defective materials and the like and there are established practices in many areas of software.
I've worked in engineering outside of software--and was even on track to get a PE--and a lot of that was pretty ad hoc.