Make Hardware Strong With CWE
By: Sergio Marchese
Addressing security-relevant hardware weaknesses is crucial to designing vulnerability-free IPs and chips.
What is a weakness? And why should we care? These questions are relevant in probably any field or context you may think of, well beyond engineering or electronics. While in some cases the first-level answers might be obvious, in many others they are not. Generally, weaknesses are considered bad things that can lead to malfunctions, injuries, and other undesirable situations. In many cases, they can be mitigated or eliminated. As usual, there are challenges. Firstly, we need to identify the weaknesses. Thankfully, many weaknesses are often known and well documented. Most people regularly practicing sports know that weak core muscles increase the probability of injury, for example. Secondly, we need to decide whether it is worth dealing with them. Nobody likes injuries, no doubt. However, if you are an amateur like me, who likes randomly kicking the ball more than doing plank exercises, you may decide to take your chances. On the other hand, if you are a professional, I am sure your training and support team would not let you get away with that.
I invite you to take a look at the trust and security glossary, download the white paper Trust Assurance and Security Verification of Semiconductor IPs and ICs, and join the LinkedIn group ISO/SAE 21434 Automotive Cybersecurity. And of course, don’t miss the next 6 Minutes of Security blog post!