SoylentNews is people
SoylentNews
from the you-can't-make-this-stuff-up dept.
A trade magazine, http://www.todaysmotorvehicles.com/article/5-myths-about-connected-cars/ ran this article by Shaun Kirby, Cisco Consulting CTO, "5 Myths About Connected Cars". Haven't read anything this funny all year, some clips include:
Myth: Securing connected cars requires breakthroughs in security technology.
Fact: Connected cars are extremely complex, with many sensors, computers, and networks, along with an ever-growing list of features. Fortunately, technologies already exist that have proven effective in securing some of the largest enterprise information technology (IT) infrastructures. Existing technologies are well equipped to keep drivers and their data safe now and into the future.
...and this one, the punch line at the end had me rolling in the aisle:
Myth: Automakers are responsibile for securing connected cars.
Fact: The vehicle manufacturer is just one link in the security chain. Multiple tiers of suppliers, dealerships, developers of aftermarket devices and services, regulatory bodies, and other industries creating devices and services that interact with connected cars are all responsible for keeping cars and drivers safe and secure.
It is especially important for third parties who provide connected car applications to have secure infrastructures. For instance, a mall operator installing vehicle-to-infrastructure units to guide heavy traffic to optimal parking spots will need to ensure that all the proper security controls are in place.
(Score: 0) by Anonymous Coward on Tuesday September 12 2017, @11:00PM
For anyone thinkin that 'requiring government certification/degrees to become a programmer' is a smart move:
How many of those Automotive engineers working on powertrain modules do you think are *NOT* electrical or mechanical engineers, or maybe Computer Science degree holders?
And if *THOSE* guys keep fucking up software and security, then what is the point in raising the bar, if the top of the bar is still producing shit, but now going it with 4-8 years of education and hundreds of thousands of dollars of debt for no better quality code?
Remember to ask these questions the next time a debate about the professional conduct of computer programmers is brought up. The problem isn't the lack of education, the problem is systemic and bureaucratic failures from the top to bottom in the engineering of the languages, the tools, the education, etc. All because nobody wants to take the time or spend the money to really analyze where the shortcomings are, rectify them, and then go through all the work of testing out the new specifications by reimplementing old and no doubt buggy software to verify that the new versions provide better quality and security code than the old ones, while catching and describing more error conditions that could cause a complete systems failure when such a condition is reached.
Also: Maybe it is time to ensure every piece of hardware includes ECC, and the really critical parts with sufficient excess clocks include checkpointing for the worst case failure mode, So that if an error does occur that is uncorrectable in the current state, it can revert the state to the previous known good data and run another pass before its data is expected to be available. Even then it won't cover all failure modes, but that is about as close to perfect as our technology enables.