[scrollaway]

Force one, force all. The side effect being that if another manufacturer steals and reuses code under NDA, that'd show up as well.

Calling it "unrealistic" is unrealistic. These companies are not anybody's pet, to be loved and hugged and cared for. We should ask them to release their code, at least to regulation agencies under NDA, because otherwise they harm the health of millions of people for the sake of passing regulations, like in this very case. Don't know about you but I'm in no mood to give them a free pass on this and on top of that, worry about "oh but those poor SOBs, what would they do if their NDA'd code would get leaked"...

Sorry, this is a bit of a hostile answer and it's not meant to be - this entire ordeal is enraging... and I don't see why we should preemptively defend their rights to make money off our own health.

[dsuth]

Don't worry, I'm just as furious as you are! I want realistic solutions though, and I don't think forcing vendors to open their source will fly.

For one, you will never force all vendors to comply, as some are completely outside of the jurisdiction, like China. Secondly, even if you did force vendors to comply, you've just given any new startup a massive leg-up on R&D, which the existing vendors discounted for them.

I don't think it's realistic, and there are already methods by which the code has to be reviewed externally, at least in principle. I want to improve the existing processes, not move to a new model.

[maffydub]

Maybe I misread the article, but I don't think the EFF are actually calling for car manufacturers to _open_source_ their firmware. Instead, I think they're arguing for a DMCA exemption on reverse-engineering the firmware.

At the moment, (allegedly) it's illegal under the DMCA to reverse-engineer car firmware. This obviously stops the research that might have highlighted this. The EFF are suggesting that the DMCA should not apply here, so researchers would be free to work from the compiled firmware (not the source code) to look for issues.

[scrollaway]

> Secondly, even if you did force vendors to comply, you've just given any new startup a massive leg-up on R&D, which the existing vendors discounted for them.

Real talk here: Is that such a bad thing? Why should new companies have to deal with problems humanity has already solved?

[dsuth]

Because this completely dis-incentivises companies to spend money developing features in the first place, and makes it impossible for them to recoup the sunk cost of development over car sales, since they're competing against companies who did not pay those costs.

It's completely unsustainable.

[scrollaway]

It seems to me what's unsustainable is relying on a system built on trade secrets. Something we quickly moved away from in the software world, which has greatly accelerated development, been mutually beneficial to everybody, and certainly hasn't been "unsustainable".

I remember someone comparing, on HN, what "closed source" is to science to what ancient guild secrets were to alchemy. Are guild secrets any more sustainable than closed source?