As an expert, I don't agree with this. Software is no less reliable or insecure as anything else. How many people die every year due to mechanical failures? How many die due to software failures?
Software is homeostatic. It's only as secure or reliable as it needs to be. Your browser crashing doesn't cause people to die, so web browser software writers add complexity rather than reliability.
Conversely, airplane software is much more critical, so is written with higher standards of reliability and expense, but is also vastly simpler compared to a web browser.
I mention airplane software because of the Boeing 737 MAX issue, where software may or may not be the culprit. The software is working as designed, and it's designed to overcome a hardware design flaw that causes the plane to pitch upward, so it pushes the nose down.
And I mention this because your choice of where to place the blame for failures is purely arbitrary. If the narrative is "software is unreliable", then of course you'll point to the 737 MAX issue. But it's not a software problem, the software is working as designed.
The 737 MAX moved the engines forward on the wing. This causes the nose to pitch up. Sensors detect this, triggering a condition that forces the nose down. Sensors gave faulty readings, causing the crash.
So you have a cascade of hardware design flaws -- but you blame the software that is working as designed to overcome the hardware flaws -- which is bug free, working precisely as designed.
Do you want a web browser that occasionally crashes? or do you want a web browser that's 10x slower, has a tenth the number of features, and which doesn't crash as often? I want the browser that crashes.
On the other hand, let's consider software in election machines. This is unreasonably messed up, leading to inherently insecure systems that cannot be audited/verified. How software is used in those systems is fundamentally broken.
Or, let's consider software exposed to the public Internet. After 30 years of this problem being obvious, software writers still inexplicably do not grasp the danger. I'm reminded by a comment on another thread where a software engineer simply cannot grasp buffer overflows.
Their solution was simply "it can be fixed with better testing". No. No amount of testing can find the sorts of bugs that hackers exploit. All the testing in the world won't find these bugs.
Sure, after a vuln has been discovered, you can devise tests that'll find that bug. This may delude you into thinking it's a matter of testing. But that's just hindsight being 20/20. Vulnerabilities are generally things that can only be found reading the code and working backward
So software has problems. But these problems do not come from some sort of moral weakness, like laziness, greed, ignorance, disregard for harm, and so on. Unreliability and insecurity aren't an inherent property of software.
Instead, software is as secure and reliable as we need it to be. Sometimes we misidentify these needs, such as voting machines and Internet exposed devices. But that's a misunderstanding in the design/requirements process, not so much in the software itself.
