As far as I'm concerned, security issues (outside of very niche situations) in a product mean that the product was defective. If you sell a defective product, you should be on the hook to correct the defect.
There’s no bright line that defines “defect” and makes this determination. What Hyundai should be considering here is whether consumers will decide that buying a car from a company that doesn’t fully own their security mistakes isn’t worth it.
I agree it's hard to draw a bright line, but I'm personally comfortable erring heavily on the side of defect for security issues.
I'd be willing to agree that certain security issues might not constitute a manufacturing or design defect. If a thought-to-be-secure encryption was cracked tomorrow, that doesn't make products using it defective at the time of manufacture.
The point is, it doesn’t matter. The only thing that matters is how consumers feel about whether the company’s reaction makes them feel like they want to trust that company with their next purchase.
