[SystemSafety] The VW Saga

RICQUE Bertrand (SAGEM DEFENSE SECURITE) bertrand.ricque at sagem.com
Mon Oct 12 11:32:33 CEST 2015 

I am in a trans sector workgroup. One of our automotive colleagues explained us that there is already an emerging “market” of tools to access the SW of cars and that the trend is that such tools will be more and more accessible on internet. This will slowly but surely enable any automotive geek to customize increasing parts of his car. This is more or less like reconfiguring your mobile from scratch.

Bertrand Ricque
Program Manager
Optronics and Defence Division
Sights Program
Mob : +33 6 87 47 84 64
Tel : +33 1 58 11 96 82
Bertrand.ricque at sagem.com

From: Matthew Squair [mailto:mattsquair at gmail.com]
Sent: Monday, October 12, 2015 11:22 AM
To: Peter Bernard Ladkin
Cc: RICQUE Bertrand (SAGEM DEFENSE SECURITE); The System Safety List
Subject: Re: [SystemSafety] The VW Saga

'm sure it could be done. But maybe testing more realistically so that the test can't be spoofed might be easier? As I understand it that's how the VW issue was found in the US?

Matthew Squair

MIEAust, CPEng
Mob: +61 488770655
Email; Mattsquair at gmail.com<mailto:Mattsquair at gmail.com>
Web: http://criticaluncertainties.com

On 12 Oct 2015, at 8:15 PM, Peter Bernard Ladkin <ladkin at rvs.uni-bielefeld.de<mailto:ladkin at rvs.uni-bielefeld.de>> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2015-10-12 10:48 , RICQUE Bertrand (SAGEM DEFENSE SECURITE) wrote:

It depends.

It sure does!

(I'm slowly beginning to think this is your way of saying "Hi everyone!" :-) )


It raises interesting questions. Can the retrofit be mandatory ? How can the usual periodic
tests (very generic) discover a problem designed to be hidden ?

The questions are indeed interesting, and complicated. I raised this issue a while ago (in 2014, I
think) privately. Both colleagues thought one could never get companies to agree to open up their
SW IP (as Naughton points out, an increasing portion of the value of a product) to third-party
inspection. But one of them thinks it an appropriate measure, as I do.

It can't be impossible. For a long time, companies have had to open their finances to independent
inspection once a year. For financial companies (some of the very biggest companies), almost their
entire IP consists in that. It also doesn't always work (Enron, WorldCom, Lehmann, Madoff). But it
mostly does.

So it can be done. What's different about the case for SW?

It would have to be done through legal instrument, as with finances. And if just one country
passes such a law, then there is the danger that multinationals will just stop selling their
products there.

But I bet there's a way somehow.

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de<http://www.rvs.uni-bielefeld.de>




-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJWG3omAAoJEIZIHiXiz9k+7TkH/jHrosRlDEP8ZXPabMl/a376
uxSPWeghLO+2Vrtf3Q1PxkWt5Ry57IM05A665P+hDEm4raQWuSXwG7HPNMlDyZH4
j+nVSO+sFYN45ZUM38gev0msv2FYKSym9DrVASv/GXFDJ8mDUKYlAo/ClWipCamC
pxpUzC+D/W4eMd+as1BeIwUco1NaNZjbiDtOKq48FfVajkz0iszXdBo0Hx/L5srh
SJF7466TNgmHxrwI/rFkCcTm1fCqdCwI9iVdVshmj5gvpWhCzNOnz0mTvArqRibp
vD1TeLXrDaY/Ewjph8LM4xkg2ud1zw2RFq4vTCs3dP6ch2UteYQYgLn4IZj62oI=
=DMHm
-----END PGP SIGNATURE-----
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE<mailto:systemsafety at techfak.uni-bielefeld.de>
#
" Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés."
******
" This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20151012/fdcf61af/attachment-0001.html>

More information about the systemsafety mailing list