
"Should" not be violated is the point, though. I agree, it shouldn't. But it is, all the time.

I mean, I'll bet Toyota knew this organizationally. They had security people sign off on the design who all knew how secure key management is supposed to work. They probably reviewed this GitHub release. And it happened anyway.

Maybe they weren't supposed to be production keys. Maybe it was a development key from someone's early cut of the tooling that got mistakenly reused for production. Maybe a script that updated all the keys mixed up which was which.

The point is that the existence of a Clear And Unambiguous Right Thing to Do is, in practice, not sufficient to ensure that that thing is done. The space of ways to mess up even obvious rules is too big.

And that's surprising, which is why (1) it keeps happening and (2) people like you don't take the possibility seriously in your own work.



You're jumping to conclusions in your final statement there. The existence of inexcusable bad practices does not mean we should not try to mitigate against them, and I didn't say we shouldn't.



