I work in the broad "automotive" sector. After ISO-9000 and 14000 and SOX and all the emissions regulations and the emissions documentation regulations and all the other make-work-for-auditing-firms regulations and certifications, the latest craze sweeping the industry is "functional safety." It sounds all well and good, but the requirements to satisfy the certifications are yet another enormous amount of work on top of all the rest, and I fear that companies are yet again getting caught up in the stuff that can be easily audited, and will be "straining at gnats and swallowing camels" when it comes to actual device security. To wit: all the stories about how KIA's are trivial to break into and drive away come to mind.

1990? You can find model years up to 2010 with an in-dash CD player and no screens (that's my litmus test). The BIG problem is that ALL EVs come with full telemetry and drive-by-wire. I'm hoping that someone builds an EV without telemetry and without drive-by-wire - it's one thing to lose control of a server to script kids, it's quite another to lose control of my car. It may be that I'll be limited to a retrofitted older car, but that's okay.

they had complex ECUs with no auditing (some bigot cartel fat cat in the government rubber stamping random shit which may or may not be credible because it came out of some formal methods university doeesn't count) for decades before that just as with all embedded software. and drive by wire as you mentioned i don't think is ever going away.

1990 is a bit of a stretch, I draw my line around the '00s.

How do you have a pre-1990 computing device that supports SSL?

i dont even want tls (since ssl is dead, just like tls will be) in my browser, why would i need that in my car? my car shouldnt have any software ever.

1990?! why that year specifically