Chevy and DevOps: What the Wi-fi?

In DevOps: Rapid Feedback, Rapid Repair

Derek E. Weeks
Compliance at Velocity
4 min read · Jul 12, 2015


I’m sure you have seen it too. Chevy and a few other car brands now come with wi-fi. How cool. I want that (and so would my kids). I can only imagine the possibilities.

But this is not all about my needs. Chevy and every other vehicle maker want this too. And not for the reasons that you might first consider. Quickly, let me introduce you to some recent software recalls:

These glitches were related to cars losing power, erroneously deploying airbags, and other defects. And these are just a small glimpse of the software recalls that have happened over the past year.

But more troubling is this form of software “recall” from BMW showing a security flaw that could allow cyber criminals to unlock doors on 2.1M vehicles. Because every one of the 2.1M vehicles has the same defective software part, criminals effectively had access to a skeleton key to every one of them.

Image Source: http://money.cnn.com/2014/08/01/technology/security/most-hackable-cars/

In DevOps: Rule Your Supply Chain

The reality is that your new car has more software in it than you can imagine — about 100 million lines of code. And, as we know, all software has flaws. But who wants to go to a dealer to get a software update? If my car can connect to the internet and update itself, that would save me an unscheduled trip to the dealer for a repair.

While software updates to car models in the past would take 5 years to work their way onto the production line, that is now changing. For decades, large automakers like Toyota have been optimizing processes for their entire “manufacturing supply chain”. And with the introduction of wi-fi in vehicles, they are expanding their highly-tuned practices to include their “software supply chains”. They know where every piece and version of their software is and who owns it. If a flaw is detected (be it quality, safety, security, or another attribute), they will now be able to automatically update that vehicle. Not only can they remove defects, automakers like Tesla are even making their cars faster.

Imagine the conversations at these auto manufacturers:

“Folks, we have found a glitch.”

“We need to get new versions of our software into the following makes, models, and years of our vehicles.”

“Let’s issue the recall in order to ensure all of these vehicles are safe and in compliance.”

(Soon to be: “Let’s update all of these makes, models, years that are now connected to the internet”.)

In DevOps: Version Everything

For those of you in the software industry, this kind of evolution is at the heart of many DevOps and continuous delivery efforts. Automate everything you can. Version everything you can. Deliver fast, improve visibility, and change fast. In many ways, the addition of 4G LTE Wi-Fi in Chevy Trucks and other brands means that DevOps has entered into our auto and software supply chains. The horses are making strides toward unicorn behaviors.

In DevOps: Before You Can Achieve Compliance…

What have the auto makers learned from the software industry? And perhaps more importantly — when it comes to software supply chain management and continuous delivery — what can we, in other industries, learn from them?

If you want to recall a “part”, you need to know where it lives. Automakers know where every single part is across every single make, model, and year of vehicle they have produced. In software, we do not.

Last year, I surveyed 3,300 development professionals who stated that 60% of their organizations could not tell you which open source components they used to develop their applications (and 80–90% of modern applications are now based on open source components).

Can you imagine if an automaker had no idea what parts were in their cars? If a medical device manufacturer had no idea what parts were used in a pacemaker? Or if a food service provider did not track the ingredients used in their products? Modern society could not function.

Before we can ensure our software is compliant (using the latest, safest, appropriately licensed components), we need to first know what we are using.

Do you know what’s in your software?
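To make the "recall" idea concrete, here is an added example (not part of the original post) that answers a recall question from a component inventory: which applications carry a flawed version, and which cannot be cleared because nobody knows what is in them. The application names, component names, and versions are constructed for illustration.

```python
"""Added example: a component "recall" lookup over a software parts inventory."""

# Constructed inventory: application -> {component: version}. None means the
# team could not produce a component list for that application.
INVENTORY = {
    "billing-api":   {"libfoo": "1.4.2", "jsonkit": "2.0.1"},
    "web-portal":    {"libfoo": "1.10.0", "tmpl": "0.9.3"},
    "batch-reports": {"jsonkit": "1.9.7"},
    "legacy-crm":    None,
}

def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically.

    Comparing the raw strings would rank '1.10.0' below '1.5.0' and
    wrongly recall an application that already has the fix.
    """
    return tuple(int(part) for part in text.split("."))

def build_index(inventory):
    """Reverse the inventory: component -> list of (application, version)."""
    index = {}
    for app, components in inventory.items():
        for name, version in (components or {}).items():
            index.setdefault(name, []).append((app, version))
    return index

def recall(inventory, component, fixed_in):
    """Return (affected, unknown) for a flaw that is fixed in `fixed_in`.

    affected: sorted [(app, installed_version)] where installed < fixed_in
    unknown:  sorted apps with no inventory, which cannot be ruled out
    """
    fixed = parse_version(fixed_in)
    affected = sorted(
        (app, version)
        for app, version in build_index(inventory).get(component, [])
        if parse_version(version) < fixed
    )
    unknown = sorted(app for app, parts in inventory.items() if parts is None)
    return affected, unknown

if __name__ == "__main__":
    affected, unknown = recall(INVENTORY, "libfoo", "1.5.0")
    for app, version in affected:
        print(f"RECALL  {app}: libfoo {version} -> upgrade to 1.5.0 or later")
    for app in unknown:
        print(f"UNKNOWN {app}: no component inventory, cannot rule out libfoo")
```

The application with no inventory is reported separately because, without a parts list, it can be neither recalled nor declared safe.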

A final note on software and auto safety: I am the Cavalry (@iamthecavalry) is encouraging the automotive industry to commit to cyber safety. The movement recently published a Five Star Automotive Cyber Safety Framework (PDF download) and calls for Automotive Industry adoption. Media outlets from across the US and Europe praised the effort and joined in calling for automakers and security researchers to work together to ensure a safe future.


Derek E. Weeks
Compliance at Velocity

Don’t just stand there, build something awesome. Co-Founder at @AllDayDevOps. VP and DevOps Advocate at @Sonatype.