What? No, I wasn't saying it had anything to do with regex itself.
If developers don't understand the relatively simple concepts involved in regex, it's no surprise they don't understand and correctly apply the more advanced concepts found in complex programming.
Lack of understanding of requirements is definitely another problem, as is lack of testing (both automated and human).
Or put another way: most developers don't know what the problem is, don't really know how to solve it, and don't want to verify their thrown together mess actually does what was asked for, beyond very superficial and cursory one-off checks.
Not certain what lack of review oversight means?
> It's an arcane and very compact syntax with very little in common to natural language
That's the thing - it's not really any worse than many other computer languages, when you take the whitespace away.
These are just as gibberish to a newbie or non-programmer as a regex is:
var url=$('a[href^=#]:eq(0)').val();
<?=((int)$_POST['c'])?:__('none')?>
You might not write code like that, but equally regex can be written with whitespace and comments too (and it's a shame that's not the default).
# match entire string
^.*$
# don't match video files
(?<!
\.(?:mov|mpg|mp4)
)
A contrived example, and that first comment is akin to an "increment by one" line, but it hopefully demonstrates the problem is less the language.
The second comment is more the sort that should be written - explaining the intent of the code, so if there's a bug then the idiot in six months time has a chance of knowing whether something unusual is deliberate or the cause. (Of course, any deliberately unusual behaviour should also have suitable positive and negative test cases to prevent regression.)