False dichotomy - I think it should be similar to Kerckhoffs's principle in the long run. OSS yes, but it's signed and audited when it's able to run. Maybe like an open source version of microcode updates for CPUs. You could file a pull request because you spotted a bug but you can't fuck around your car (bad, but not so bad) and other cars (very bad).
If the Toyota code would be public we'd hear a lot of guys screaming and if you own the car and have the knowledge I guess you are keen on looking. Sure lots of noise for manufactures and likely new attack vectors but in the end public universities could look at it. On the other hand you'll end up with OpenSSL for cars.
However it should be still safe when public that what should be the design goal. However what you read about embedded stuff in cars and airplanes...OSS would be likely an improvement. I for one would like to file a pull request against the A380 firmware :)
Does the fact that most of the code in your car is autogenerated from tools like Modelica change your view on how likely this can/should be opened?
That is, the 'model' is the truth and the IP. The generated code is spaghetti, the vendors components are black boxes, and their 'code' is nothing more than another locked subsystem in the model.
Let's say in an ideal world, these mission critical systems must be opened - what do you propose everyone's business model should be? If everyone must see each others models... where is the free market competitive advantage to be gained?
If the Toyota code would be public we'd hear a lot of guys screaming and if you own the car and have the knowledge I guess you are keen on looking. Sure lots of noise for manufactures and likely new attack vectors but in the end public universities could look at it. On the other hand you'll end up with OpenSSL for cars.
However it should be still safe when public that what should be the design goal. However what you read about embedded stuff in cars and airplanes...OSS would be likely an improvement. I for one would like to file a pull request against the A380 firmware :)