Comment Re:they used encryption, hmacs, thought they knew (Score 1) 83
BMW's programmers did as much as I'd expect any application programmer to do. It's then time for the security audit, by a truly qualified security person, to catch the kinds of mistakes that the author caught.
No. Security is not an afterthought or something do be approached at the end. It needs to be an integral part of the software development lifecycle from soup to nuts. Anything else results in "ship it now, we'll fix it later" decisions and we end up where BMW is today.