Due to the significant growth in hardware vulnerabilities, industry leaders have been coming together to discuss the most important security weaknesses to hardware and semiconductors. In early 2020, through invaluable contributions from The MITRE Corporation, Intel Corporation, and Tortuga Logic, a hardware-specific Common Weakness Enumeration (CWE™) taxonomy was born. This taxonomy categorizes common hardware weaknesses that lead to vulnerabilities. The introduction of hardware CWEs was a critical first step to bring the industry together to use common language about how to build more secure hardware but this was just the beginning.
In October 2020, a Hardware (HW) CWE Special Interest Group (SIG) was started to bring industry leaders into a common and consistent forum to discuss additions, changes, and uses of the HW CWE initiative to best serve the industry’s goal of building more comprehensive security programs and products. This HW CWE SIG has had a strong turnout with very active participation from many leaders in hardware security. With close to 100 weaknesses published into the HW CWE database since its inception, the HW CWE SIG quickly realized it was critically important to provide a concise list of the security weaknesses that are the most important to the community so that organizations can focus their efforts on mitigating issues that are likely to be the most impactful if left unaddressed.
As an active member of the Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC) board, I am thrilled to see MITRE has just released The 2021 CWE Most Important Hardware Weaknesses based on the HW CWE SIG’s extensive work on this topic. The 12 most important weaknesses, shown below (not sorted by importance), span across access control, physical side channels, external debugging, cryptography, and several other critical areas.
Our team at Tortuga Logic has been very active in the HW CWE community and we consistently focus our products to solve the most important hardware security weaknesses for our customers. I am pleased to say our existing Radix products address 10 of the 12 Most Important Hardware Weaknesses, in addition to 80% of all CWEs. While very comprehensive, we are actively innovating to address any uncovered hardware weaknesses as they become more important in the industry and to our customers. Security is always a moving target and we are excited to continue to be a part of this initiative to be at the forefront of the solutions.