I guess the fact that they got publically pwned by a white hat hacker last year is the reason why GM is now doing something that software companies traditionally do. They have started a bug bounty program:
If you have information related to security vulnerabilities of General Motors products and services, we want to hear from you. Please submit a report in accordance with the guidelines below.
We value the positive impact of your work and thank you in advance for your contribution.
Now this is a good first step. But I will point out that they aren’t the first car company to the table with a program like this. Tesla has been doing this for a while now and they offer up cash. As in up to $10,000 which is a significant incentive to tell Tesla about these bugs rather than tell the world. So I would imagine that Tesla is going to have far more success than GM will. Having said that, I suppose some sort of bug bounty program is better than none whatsoever.