Fines and rules.
@"Time For a Major Rethink" AC:
My life's not affected at all levels by software exploits. No Windows at home, and my bank etc. are competent so they don't get randomly hacked at regular intervals. The level of product liability you are expecting is excessive, and in a system like this, you would simply end up with no software being written at all. I sure as hell wouldn't write anything if I expected unlimited liability for it. At best, you'd end up with a situation like airplanes -- due to the extremely high costs of certifying any new design, you've got single-engine models still being sold that use 1930's era engine technology and a 1930's era carburetor... newer engines with fuel injection will drop right in, and have been shown to be more powerful, more fuel efficient, AND more reliable, but the certification costs are too high.
Anyway... unfortunately, I find it difficult that the plaintiffs will be able to show harm. The flaws didn't affect them, the flaws have been fixed, and the previous existence of these flaws, good look showing that'll harm the sale price. I seriously doubt this case will get anyhwere.
That said, these flaws were flat-out stupid -- leaving ports open is stupid, and it's particularly stupid to allow the entertainment system direct access to the engine management bus. It's actually common practice among car co.s to either keep them completely segregated -- i.e. no wire between them whatsoever -- or, to filter allowed commands to "read check engine light codes" and "reset check engine light" (if they want to sell the "hit the Onstar button and have them give a vague diagnosis of why your check engine light came on" thing.)
In a typical safety recall, as long as the car company was cooperative, the fines are minimal, beacuse the actual cost of doing the recall is already pretty high (having to replace some physical component on each and every car after all.) I do hope Chrysler gets a nice fine here. Since the costs of a software update are low, they may otherwise see minimal affect on the balance sheet and so not actually learn their lesson that security must be taken more seriously.
Biting the hand that feeds IT
