> Until we have a car that kills 500 people because of faulty software, it's just not that important to people, which means there's no pressure in industry to get it right.
I agree with that. But what is your alternate proposal, and where does the pressure to get it right come from in your proposal?
I don't think there's any other way to apply pressure to these companies other than regulation, unfortunately. They don't care much about what we think, and their customers don't care, so outside of forcing them to use a secure system (or else not be allowed to sell their products), it'll never happen.
But what I meant is: where does the "pressure to get it right" come from when government decides to regulate something? If the aggregation of actors' choices in a competitive market doesn't provide pressure to get it right, why would the aggregation of actors' choices in a government provide pressure to get it right?
I'm not saying it would. But the point is that it should, and it's stupid that it doesn't.
It's 2014.
"Someone stole my car by using a packaged exploit that is easier to find and abuse than breaking anything on DVL"
This is just unacceptable.
I think most of us (here) care about the software our cars are running. It's also absurd that we can't access the computers and put our own software on them. It may be difficult to get legislators to realize just how bad this software is and how much important it is to get right, but it's their job to listen. An alternative is to push for openness of these computing devices. Having access to put your own software on any computer you own may enable the existence of open source implementations that are better than the defaults, and sensationalist headlines might get enough attention of the right people to make something happen. "These hackers can keep your car from being stolen, for free."
Alternatively, headlines about this kind of issue need to be more specific. 'Mysterious "black box"' seems like the headline created by someone in the pocket of the industry. Instead, how about a headline like "a black box created by low-tech criminals exploiting massive security holes that car manufacturers know about allows anyone to unlock and start any car". Maybe it's a bit wordy, but it's somewhere to start. And it shines a light on the real problem. It doesn't paint it as a mystery with only the thieves at fault.
I agree with that. But what is your alternate proposal, and where does the pressure to get it right come from in your proposal?