So I am back after 3 weeks in Europe with minimal time and internet connection, so I did not get any time for posting.
During my trip, this interesting article was published. Check it out:
So my writings and teaching are in part aimed at giving teams the testing tools to get information that might avoid such articles. I have minimal insight into specific companies, but the ones I have worked with want to avoid such press and legal actions. Many managers and leaders of companies working with embedded software devices do not always seem to see the importance of good testing, including approaches such as attack-based testing (what my book is about). I was lucky because many places I work valued testing as part of their information gathering. They ran scared and needed as much info as possible. True, you cannot test everything, but embedded and mobile software can be complex, and simple testing only partially works for complexity.
I wish everyone would balance basic check tests and more advanced attacks. The bugs cited in the article match the general error taxonomy history I have worked on for years and confirm the validity of many of the attack patterns in the book.