You can't. Heck, it's sometimes hard to tell even when you work inside and have all the docs. The best information you have is to look at the manufacturer's past history as evidence for their future security competence.
Manufacturers also aren't building every piece of software on a given vehicle. Many components will be done by suppliers that range from "meh" to "wtf" when it comes to security. Even the best reviewers will struggle to catch everything a sufficiently incompetent implementation screws up.
Manufacturers also aren't building every piece of software on a given vehicle. Many components will be done by suppliers that range from "meh" to "wtf" when it comes to security. Even the best reviewers will struggle to catch everything a sufficiently incompetent implementation screws up.