PaloPulse - a threat map for Palo Alto NGFW firewall telemetry. I vibe coded this in my spare time. It looks pretty darn cool in production.
https://t.co/i5ZXHn3wJ7
@techspence I'm not surprised at all. I don't know if it's gatekeeping or the lack of direction from on high when it comes to governing AI usage.
Happen to have a source for this? Would love to share it.
@laplanted24 @techspence Have an EDR you can write custom detections with? You can write detections based on all sorts of parameters: publishers (for signed binaries), DNS requests, path regex, etc.
"Safety doesn't sell"
The '71 to '80 Ford Pinto held its fuel tank behind its rear axle. In rear-end collisions, the tank would explode (or, technically, leak fuel and ignite, causing fatal burns).
Internal documents showed Ford knew: Pre-launch crash tests reproduced the failure. Engineers had identified fixes ranging from roughly $1 (a plastic baffle) to $11 per car (more substantial reinforcements), and none were implemented. A cost-benefit analysis assigned a dollar value to expected burn deaths and concluded lawsuits would be cheaper than a redesign.
In August '78 in Elkhart County, Indiana, three teenage girls had stopped on the highway to retrieve a fuel cap that had fallen off their Pinto. A van rear-ended the Pinto, which burst into flames, killing all three.
An Elkhart County grand jury indicted Ford for reckless homicide, the first time a US corporation had been charged with homicide for a product defect. Under legal and regulatory pressure, Ford recalled 1.5 million Pintos that same year, the largest auto recall in history at the time, and added plastic tank protectors, mitigating the risk.
"Ford had done the math and initially decided it was cheaper to let people die" is accurate, but perhaps trivializes part of the problem.
What is the cost of a life? Isn't every product responsible for similar calculations?
Ford's infamous calculation valued a human life at $200,000. That figure was the National Highway Traffic Safety Administration's own number, derived from lost future earnings, medical costs, etc. Today that same concept is called the Value of a Statistical Life (VSL). The Department of Transportation currently sets it around $13 million. Every piece of infrastructure exists in its current form because someone decided the next marginal safety improvement wasn't worth its cost per statistical life saved.
That number fluctuates, and is apparently affected by inflation, year of assessment, and geographical location or country.
The definition of safe is not a binary attribute, but rather a subjective point-in-time judgement, with no real consensus.
Ford was acquitted in the Indiana criminal case in March 1980. The Pinto met every applicable federal safety standard at the time it was sold. Other manufacturers held similar fatality stats, but should that exonerate Ford?
Compliance is what "safe" means, institutionally. But institutional safety is an economic compromise frozen at a point in time, several years behind what engineers already know is achievable. Are our safety standards determined by compliance, by competitors, or by our own measure of what a human life is worth?
Safety is defined by what we don't spend to prevent. Every regulation, every product, every road draws an invisible line saying "beyond this point, the next increment of safety costs more than we're willing to pay." That line is what "safe" means. Not an inherent property of the object, but of the manufacturer's (or maintainer's) perception of how society will judge it.
So safety is perceptual. And it is a hindsight trap to imagine Ford had unconstrained budget for safety. Ford's miscalculation was not that it made that compromise. It was that it misread where, in 1970, the line had been drawn.
🚨‼️ BREAKING: Adobe has been breached by threat actor Mr. Raccoon, leaking 13 million support tickets with personal data, 15,000 employee records, all HackerOne submissions, internal documents and more.
Mr. Raccoon gained access through an Indian BPO, first deploying a remote access tool on an employee, then phishing their manager.
Mr. Raccoon told us: "They allowed you to export all tickets in one request from an agent."
The only thing I have against Palo Alto is that they took the Expedition project away. Aside from that complaint, I'm pretty enamored with their firewalls. Most of the critical/high vulnerabilities I've seen for them are avoidable if you don't expose your admin interfaces and you avoid using on-prem GlobalProtect VPN (as opposed to Prisma Access VPN).
Take any large organization and look at the number of users sending their sensitive data to LLMs or free online file converter sites. It's unreal. Where does the data go and who has access to it? I wouldn't be eager to call it an incident, but a rapidly growing security gap at least.