1. Excellent write-up. There are three different things that need to be looked at: functionality, security and operations (configuration). And not all of them can be attributed to the same person. In terms of commercial products, if configured properly, the problem is the lack of proper quality assurance. FIPS and NIAP fail to properly evaluate products and their security. For Common Criteria it depends on the Security Target and the evaluation depth. The entire system is broken, including the evaluation by NIST and NIAP. While Layer 8 (user) might contribute to security and functionality issues by suboptimal behavior, it all starts with the products themselves.

  2. I believe the trigger point is when it becomes a large human safety issue, like passenger aircraft systems, e.g. Boeing Max. When a self-driving car kills someone, where will the butt-kicking chain end, CEO or developer? Or has it already happened?

    I vaguely recall an old article about the A320, the first fly-by-wire airliner. The story as I remember is that there are two software systems that were developed by two independent teams that weren't allowed to interact with each other in any way.

  3. (replying to myself I know, but just saw this from Elon Musk. Surely it's just a question of sooner rather than later)

    >Seeing some issues with 10.3, so rolling back to 10.2 temporarily.
    >
    >Please note, this is to be expected with beta software. It is impossible to test all hardware configs in all conditions with internal QA, hence public beta.

