MITRE’s hardware CWE database aggregates, in a common form, the hardware weaknesses that are root causes of vulnerabilities. The list is categorized into major themes such as Security Flow Issues, Debug and Test Problems, Memory and Storage Issues, General Circuit and Logic Design Concerns, and others
Hardware CWEs are ideal to be used alongside internally developed security requirements databases and have been developed and submitted by both government and commercial design teams. The CWE list helps teams as they quantify risk exposure and provides a valuable guide for identifying security requirements and secure design. By identifying potential issues early on, the projected cost of a security incident can be significantly lowered.
This whitepaper shows how to leverage CWEs in a comprehensive security program to identify security requirements that may have been missed and to achieve security signoff metrics that make hardware security more efficient.