Skip to content

Point of View: Chrysler recalls 1.4 million hackable cars

    
Point of View: Chrysler recalls 1.4 million hackable cars

“The interesting thing about this recall is not that it’s going to be expensive and inconvenient (it will), but that it shouldn’t have had to happen.  We already know the importance of auto-update.  Remember those painful years of downloading Windows updates only to have them fail, crash, and re-release.  If cars are going to have software, then they absolutely need to have auto-update. What consumers driving these cars don’t realize, is that software is backed by millions of lines of code. And as more and more critical devices are connected to the internet – securing that code has never been more important. There will be more and more of these vulnerabilities discovered in cars — we’ve only just scratched the tip of the iceberg here.  Automatic update ensures that as these holes are discovered we can deal with them quickly, without exposing large populations of people. 

Otherwise, we basically guarantee that a large percentage of the cars on the road are going to be driving around with known vulnerabilities.  And that doesn’t just put the driver and passengers at risk.  That exposes all the people driving around them.  I think there’s a strong case for government intervention to keep the roads safe.  But I’m curious if the auto insurance industry could be influential here — maybe offering discounts for vehicles that automatically update themselves with improved security and better safety features.”

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.