we are unfortunately not that good at "no bugs". Hard to accomplish if running entire Linux distro on head units.
it only feels that way because so few have tried. So many are content to report a few bugs, collect a paycheck, then move on.
yep. But is it because sec professionals don't want to do the work. Or because companies don't invest in internal teams.
I don't think auto cos are being sold on it. I think lots are saying "use a bug bounty." People do what they're sold.
it won't solve all issues, but it might help to pick up some learnings from aviation software engineering
could mandate that all suppliers follow certain sec standards (sdlc etc) and components undergo sec review. Prob not enough
That's what SAE J3061 tries to bring :)
still need both. Skilled and motivated engineers to build security in. Offense to validate. Need more of the former though
sadly true, most interesting problems are undecidable, not just halting. Automated finding/exploiting is at least sometimes feasible