> To put it differently: high-security systems programmers don't move their fingers more slowly on the keyboards because "going slow is better". They put checks in place, and they take as much time as is needed to do things right, but padding that time just for the sake of "slowness" helps nobody.
"Being careful" doesn't necessarily lead to slowness directly, but making the carefulness verifiable (and making that verification, by an external stakeholder, mandatory) usually does.
This approach (regulation and inspection by a government agency) is generally how society makes actors internalize otherwise external costs, but there are other variations such as government codes and standards.
Fine-grained mandatory process specification is usually the least desirable route to safety, but that's often what companies end up asking for in return for giving them a pass when the process inevitably fails to prevent a bad outcome with a large blast-radius.
However, in some specific circumstances where you don't have another means, directly enforcing slowness in some way may be your best option for at least limiting the damage caused by a failure, even if it doesn't reduce the chances of an error (though sometimes it does that too). Vehicle speed limits are one example, rate-limits on transactions (or comments) are another. In other circumstances, requiring speed (e.g. monitoring with a fast response time, quick deployment of a fix) may be the right choice for limiting the damage a failure can cause.
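Putting the comment's two levers side by side, as an added illustration that is not part of the original thread: a rate limit bounds how fast damage accrues, and detection-plus-fix time bounds how long it accrues. The token-bucket parameters, transaction rates and response times below are constructed for the simulation, not taken from any real system.

```python
from dataclasses import dataclass, field
from fractions import Fraction
from typing import Optional


@dataclass
class TokenBucket:
    """Token-bucket rate limiter (exact arithmetic so results are reproducible)."""
    capacity: Fraction          # maximum burst, in tokens
    refill_per_sec: Fraction    # sustained rate, tokens per second
    tokens: Fraction = field(init=False)
    last: Fraction = field(default=Fraction(0), init=False)

    def __post_init__(self):
        self.tokens = self.capacity

    def allow(self, now: Fraction, cost: int = 1) -> bool:
        """Refill for the time elapsed since the last call, then try to spend `cost`."""
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


def damage_before_stop(attempts_per_sec: int, seconds_until_stopped: int,
                       value_per_tx: int = 1, limiter: Optional[TokenBucket] = None) -> int:
    """Total value pushed through by a faulty (or compromised) actor firing
    `attempts_per_sec` transactions per second until monitoring notices and a
    fix lands `seconds_until_stopped` later. Without a limiter every attempt
    goes through; with one, only attempts that win a token do."""
    attempts = attempts_per_sec * seconds_until_stopped
    allowed = 0
    for i in range(attempts):
        now = Fraction(i, attempts_per_sec)       # constructed: evenly spaced attempts
        if limiter is None or limiter.allow(now):
            allowed += 1
    return allowed * value_per_tx


def compare(attempts_per_sec: int = 100, burst: int = 10, sustained: int = 1) -> dict:
    """Worst-case damage for the combinations the comment contrasts:
    enforced slowness (a rate limit) versus required speed (fast detection)."""
    results = {}
    for label, seconds in (("slow_response_60s", 60), ("fast_response_10s", 10)):
        results[label + "_unlimited"] = damage_before_stop(attempts_per_sec, seconds)
        results[label + "_limited"] = damage_before_stop(
            attempts_per_sec, seconds,
            limiter=TokenBucket(Fraction(burst), Fraction(sustained)))
    return results
```

The limited figures come out as burst plus roughly one transaction per second of response time, so either lever alone caps the loss, and together they cap it hardest.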