1. 4

Today researchers at NYU Tandon School of Engineering and the University of Michigan Transportation Research Institute unveiled a software security framework called Uptane, designed specifically to ensure security of over-the-air delivery of software updates to automobiles. Uptane is notable because 1) It is intended to remain secure even if a hacker or insider steals a number of keys or compromises some of the servers, 2) the automotive industry is taking this seriously, with dozens of suppliers and OEMs participating, and 3) the design is open with the researchers providing implementation, deployment scenarios, and other documentation. “Allowing the public to scrutinize Uptane’s security will ultimately improve and validate the design,” said NYU Tandon Professor Justin Cappos, who leads the project. The researchers are openly inviting security reviews / questions from the public. You can see a demonstration of the technology at Reuters' Facebook page here. Given that the security community will have input into Uptane so that issues can be fixed before the system is deployed, will this make you feel safer about riding around in a 2 ton car controlled by 100 million lines of code?