This is what MISRA C and AUTOSAR C++ is for. However I think those only apply to automotive components like the ECU, not the infotainment systems.

But by implication doesn’t this failure mode mean the infotainment system was interacting with the ECU in some manner?

They must given they can react to vehicle speed or prevent access to things while driving etc. I always imagined that to be a fairly hardened API that not even I, after a drunken bender, equipped with Electron, could cause any harm with.

Hmm. Would it be a read only API or can infotainment ever effect change to the vehicle’s operations? My Forester’s vehicle settings (eg. modifying the autonomy features) are managed by the crappy screen behind the wheel rather than the nice touch screen.

The “engineers” live in another country and are paid fifty cents an hour.