C. Warren Axelrod

Vindication for Toyota? Proving the Negative

The lesson I take from the testing of Toyota’s electronics is that, as with security testing, there is a level at which manufacturers of equipment, software, etc. are willing to say that they have tested enough and are willing to take the risk that the products are secure or safe enough. When something bad happens, it frequently is because a decision-maker’s a priori risk estimates were understated. At that point, depending on the nature of the incident (space shuttle explosion, vehicle brake failures, contaminated medications, system crashes), they are willing to expend relatively large amounts of money and effort to find the causes and correct them. While this response is usually required in order to satisfy regulators and regain lost credibility with customers, business partners, and so forth, it comes after the hit has already occurred so that the cost of the incident adds to the cost of remediation. The resulting cost often far outweighs what it would have taken to do it right the first time.

As with safety, so it is with security. How much and what kind of testing is enough? There is an old adage referring to computer software development as follows: “There’s never enough time or money to do it right the first time. There’s always enough time and money to do it over.” If the testing on the Toyota systems had been done before rollout, it would probably still have cost as much to do the testing, but look at all the costs of the recalls and the big hit to the company’s reputation, which they incurred. All that might have been avoided.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*