[weeks]

Code review, trusted build environments and code signing could entirely prevent a single engineer from modifying the code running on the car.

[DeonPenny]

None of those would stop a tech lead or engineering manager

[oldgradstudent]

No, but making an example of him would have reduced the incentive to do it again.

Also, removing him from the the tech lead position would have helped prevent further incidents.

[DSingularity]

Structure as appropriate for the potential for public harm. If necessary, make it required that an executive sign. If you can’t trust your executives then you shouldn’t have projects that can harm the public. They could have killed the Camry driver.

[AstralStorm]

It is more appropriate to say that the Camry driver who was at fault would have caused a fatal accident.

[onetimemanytime]

>>None of those would stop a tech lead or engineering manager

Then something else should. Imagine one guy, gone nuts, changing the code on millions of vehicles in one shot.