The latest is a good news/bad news story. The bad news is that Tesla wasn't using code signing to distribute software, something that is pretty much standard in the industry. They knew they should be doing it, but they were dragging their feet. The second thing, it appears, is that they shipped a version of Linux with a security patch needed that they hadn't distributed, and they distributed a web browser, but not the patch to fix a security flaw in it.
The good news is that now Tesla signs its code, and they have been burned. Once burned, they should be less likely to repeat this particular mistake.
The good news is that now Tesla signs its code, and they have been burned. Once burned, they should be less likely to repeat this particular mistake.