I work with major automotive manufacturers to develop software for their vehicles. Almost all of the major OEM's are planning to have OTA software updates for their vehicles within the next 2-3 years. Security is always considered and there are plenty of audits and limitations placed on it to keep it secure. Tesla is a bit ahead of the game here, but their software methodology will be the norm.
I too have worked with major automotive OEMs, and all the 'security' I've seen is nothing but lip service. The quality of embedded software in the automotive world is laughable. Forget anything advanced, they're just getting into the what-do-you-mean-bounds-checking stage of computer security.
