Shostack + Friends Blog


Car Safety Factoids

A few thoughts from a clickbait headline

While Road and Track wins the clickbait war with Tesla Has the Highest Fatal Accident Rate of All Auto Brands, the original story at ISeeCars, The 23 Most Dangerous Cars On The Road, is a lot more nuanced.

The takeaway for car buyers is “When broken out by size, small cars have the highest fatal accident rate while midsize and full-size cars are both below average. While modern small cars benefit from the latest engineering and safety tech, they still have a size and weight disadvantage in accidents with a larger vehicle.” The takeaway for regulators ought to be that the CAFE standards, which exclude light trucks, have created a literal inflation in car size, and it’s killing people. We should adjust the regulations and be cautious about unintended consequences.

But a larger takeaway for me is that we have this data, in a form that ISeeCars was able to analyze. How would similar data look for operating systems involved in account takeovers? What about email client vs phishing success? Some security companies have some data, and they use it for marketing that’s sometimes useful for analysis. But we have data on car crash fatalities because we have the National Highway Traffic Safety Administration's Fatality Analysis Reporting System.

In cybersecurity, we have, uhhh, the wall of shame? We need more, and one of the parts of that will be to define the categories which enable analysis, and who can make good use of those analyses.

In public health, deaths and serious injuries were obvious places to collect data. As the field has matured, we’ve learned that non-transmittable diseases (such as diabetes), preventable accidents, and other things have a serious impact on the health of the public, and we’ve started to track those as well. The reason I’ve been working on a public health frame for cybersecurity is that it will provide data for questions like “how impactful could a memory safety transition be?” or “does MFA help?” (There’s data from Google that says “hell yes,” and data from insurance that says it’s meh. It seems likely that the split is “individuals do better, but organizations never get to 100%, so they don’t.”)