
A New Wireless Hack Can Unlock 100M Volkswagens - devy
https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/?mbid=social_fb
======
redcalx
1) Expected cost of failure = probability * cost given failure occurs. Many
people will fail to correctly estimate expected cost when the probability is
low but the cost number is high.

2) In this case the probability estimate was also wrong, i.e. lax security
gives a P of a security failure of very nearly 1.0. (I suppose you could argue
that the P estimates made were good based on the information available).

3) There are strong pressures suppressing the information flow coming from
people who can and do correctly estimate the probability and costs. Basically
they're typically dismissed as being OTT drama queens or oddballs. After all,
fixing the problems is a real cost now, versus a possible cost in the future.

------
sounds
The original research being published at Usenix 2016:

[https://www.usenix.org/system/files/conference/usenixsecurit...](https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf)

------
james_morton
Once cyber crime + fraud becomes more commonplace I envision security
programmers replacing lawyers.

~~~
jtrtoo
Or the two teaming up, at the very least.

