Hacker News

That firmware written in C for a for-profit company is shoddy should surprise no one. Rather, non-shoddy software really would be the surprise. There is a tremendous lack of understanding of the 'rest of the software world' in the embedded world, heightened by people who neither studied, wanted, nor trained for developing software.

This is a perfect example of software development done without management maturity, process maturity, and with inferior technical tools. That large-scale systems for life-critical services are written in ASM/C is horrifying. That management did not enforce certification compliance is horrifying. That the correctness process did not account for tin whiskers or ECC memory is horrifying. That the engineers violated MISRA (which evidently they attempted to adhere to) is less horrifying, but still bad.



Followup: I found a transcript via Slashdot about this - https://www.dropbox.com/s/wnzqidngrtj8y2l/Bookout_v_Toyota_B...

Let's just say that this is an incredibly readable discussion on how to do safety-critical software wrong in many, many, many ways. Everything from using binary blobs to using gratuitous amounts of globals (> 10,000 ?!?!) to not having an issue tracker(!!?!?!).

At any rate, this document counterindicates buying a 2005 Camry.



