Without working in the industry, how could someone vet for the internal cybersecurity of an upcoming car purchase? None of these security features seem to be publicly documented anywhere. I have spent a long time looking.
You can't. Heck, it's sometimes hard to tell even when you work inside and have all the docs. The best information you have is to look at the manufacturer's past history as evidence for their future security competence.
Manufacturers also aren't building every piece of software on a given vehicle. Many components will be done by suppliers that range from "meh" to "wtf" when it comes to security. Even the best reviewers will struggle to catch everything a sufficiently incompetent implementation screws up.
