[granos]

The point isn't for regulators to have to sift through code line by line or do something complicated like verifying compilers. I'd propose that the industry can pretty much do whatever they like in terms of technology, so long as it's inspectable and meets other regulations of course. If they can't provide repeatable instructions for building their code then they should not be working on something safety critical anyway.

I'm not familiar with exactly what software regulations exist today for the auto industry, but certifications for repeatable software processes (including build and deploy) are nothing new.

The point is that we should trust the industry to do the right thing, but also maintain our ability to double check. Until something like the VW defeat scandal happens it doesn't make sense to invest the resources needed to really dig in.

Updates and cheating can be detected by requiring service stations to pull software from randomly chosen vehicles during annual inspections. In the US we could use the standard highway funding threats to require states to enact such laws.