Comment by leonidasrup

4 hours ago

It looks like the software development at Volkswagen is done by mixed bag of different deparments with different quality.

On one hand you have: Linux at Volkswagen

"Software development without Linux is no longer possible within automotive environment. Therefore Volkswagen Group IT created and maintains a Linux distribution for our developers. This short talk will highlight our starting goal to integrate into the existing environment, highlight our integration problems and solutions with contributing to upstream. Furthermore we will show where Linux desktop need to improve in future iteration to be a good fitting replacement for other systems."

https://media.ccc.de/v/4486-linux-at-volkswagen

On the other hand you have insecure implementation of telemetry: Wir wissen wo dein Auto steht

"Bewegungsdaten von 800.000 E-Autos sowie Kontaktinformationen zu den Besitzern standen ungeschützt im Netz. Sichtbar war, wer wann zu Hause parkt, beim BND oder vor dem Bordell.

Welche Folgen hat es, wenn VW massenhaft Fahrzeug-, Bewegungs- und Diagnosedaten sammelt und den Schlüssel unter die Fußmatte legt?"

https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-vo...

2 comments

leonidasrup

Reply
podnami  3 hours ago

I’ve spent time doing software at VW and a few of its subsidiaries, and this matches my experience.

Compliance is everything, and SAFe (Scaled Agile) is deployed as a blunt instrument.

Management treats software exactly like hardware production lines—everything is just an "engineering process" that can be optimized on a spreadsheet.

The underlying assumption is that individual engineering talent is just an interchangeable commodity. Once you view developers as replaceable cogs, outsourcing the entire infrastructure to the lowest bidder in India becomes the logical conclusion.

It’s a textbook case of process-over-people driving institutional tech debt.

  • rickdeckard  44 minutes ago

    > Management treats software exactly like hardware production lines

    That's exactly my observation as well. Classic hardware-producing companies have an immense respect on the step of entering mass-production, as whatever issue that slipped through will be multiplied and physically spread across the world.

    So they come from the mindset that the dominant mindset is to minimize the SURFACE-area of potential risk. This makes it really hard for them to compete in software-space, because in software the dominant mindset is to just estimate risk.

    Neither is wrong, but applied vice-versa is.

    - If you treat software like hardware, you end up cutting out everything that could make your product fit more than your decided main use-case.

    - If you treat hardware like software, you're placing a bet on behalf of your customer that the product "will be fine", and a (very expensive) bet that this product won't create an aftermath which may destroy your entire company.

    Companies which can't manage the distinction here end up putting hardware in the hands of customers they should have built differently and then spend all their resources on software updates just to somehow keep the core function working.