Open sourcing it is nice and all from an idealist standpoint, but given the complexity of the software (millions of LOC), the fact that all the software would be used in commercial companies, and simply the area itself (cars), do you really think the community would pick up on it? I doubt it. Plus, the researcher did audit it - 18-20 months' work, and that was just analyzing it, not actually improving or fixing it.

Plus there is no car manufacturer ever that would allow anyone to change the firmware on their own.