It has been reported that Elon Musk told hackers at the private DEF CON conference last week that Tesla will share its security software with other car makers as open source. He says it’s a bid to make autonomous vehicle software safer by opening the software to more scrutiny, according to people who attended the gathering. IT security experts comment below.
Art Dahnert, Managing Consultant at Synopsys:
“It’s promising that Tesla will share its wealth of security knowledge and possible software. The automotive industry as a whole needs to catch up to the rest of the high-tech innovators that have embraced an approach fostering open communication when it comes to security. We have seen in the past and in some other industries what occurs when companies use ‘security through obscurity’ to protect sensitive information. It also doesn’t help the cause when those companies ‘shoot the messenger’ over security issues, which is why having a mature security program in place is crucial, especially one that includes a bug bounty program.
While I haven’t yet gathered specifics on what Tesla is planning on releasing, I hope that it is something truly useful across the broad spectrum of automotive companies. My biggest concern is that the material made available is only directly applicable to the Tesla development ecosystem and that very little will be transferable to others. To truly be a leader in the automotive security space, Tesla needs to give the community more than just a token security effort. We all have plenty of that. What we really need is something of substance that can be driven home, wherever that may be.
It’s worth emphasising that just because a code base is open source doesn’t imply that increased security will follow. It’s the distinction between the “activity” of publishing source code and the follow-through of accepting security-related changes. When coupled with a reality that the developer security experience varies widely, it’s important to recognise that not all open source eyes are security eyes.”
Marten Mickos, CEO at HackerOne:
“At industrial scale, openness and collaboration beat closed and siloed models.
Elon Musk is an industrialist with the highest of ambitions. Back in 2014 he drove a decision to share Tesla’s battery patents with the whole world. Sharing Tesla’s in-car software under the open source model with others follows the same principle.
This bodes well for the whole industry, including Tesla themselves. Security is not something anyone can accomplish alone. As such, Tesla also announced that if a Tesla owner mistakenly damages their car while looking for security vulnerabilities to report to the manufacturer, Tesla will aim to fix the car at no cost for the ethical hacker. The organizations that not only encourage but also practice openness and transparency when it comes to security research will rise to the tops of their respective fields. They truly understand that in the wake of a data breach, we all lose. With the help of hackers, we all win.”