It has been reported that Elon Musk told hackers at the private DEF CON conference last week that Tesla will share its security software with other car makers as open source. He says it’s a bid to make autonomous vehicle software safer by opening the software to more scrutiny, according to people who attended the gathering. IT security experts commented below.
Art Dahnert, Managing Consultant at Synopsys:
While I haven’t yet gathered specifics on what Tesla is planning on releasing, I hope that it is something truly useful across the broad spectrum of automotive companies. My biggest concern is that the material made available is only directly applicable to the Tesla development ecosystem and that very little will be transferable to others. To truly be a leader in the automotive security space, Tesla needs to give the community more than just a token security effort. We all have plenty of that. What we really need is something of substance that can be driven home, wherever that may be.
It’s worth emphasising that just because a code base is open source doesn’t imply that increased security will follow. It’s the distinction between the “activity” of publishing source code and the follow through of accepting security related changes. When coupled with a reality that the developer security experience varies widely, its important to recognise that not all open source eyes are security eyes.”
Marten Mickos, CEO at HackerOne:
Elon Musk is an industrialist with the highest of ambitions. Back in 2014 he drove a decision to share Tesla’s battery patents with the whole world. Sharing Tesla’s in-car software under the open source model with others follows the same principle.
This bodes well for the whole industry, including Tesla themselves. Security is not something anyone can accomplish alone. As such, Tesla also announced that if a Tesla owner mistakenly damages their car while looking for security vulnerabilities to report to the manufacturer, Tesla will aim to fix the car at no cost for the ethical hacker. The organizations that not only encourage but also practice openness and transparency when it comes to security research will rise to the tops of their respective fields. They truly understand that in the wake of a data breach, we all lose. With the help of hackers, we all win.”