Today’s complex systems, controls, and processes have made securing information across a broad range of applications in the automotive, datacenter, edge computing, and aerospace/defense markets a challenge. Most of these systems have potentially vulnerable software and hardware including ASICs, SoCs or FPGAs. Ensuring that the hardware devices our softwares run on do not introduce security vulnerabilities is paramount to the overall security of our systems.
Security typically falls on the shoulders of security architects, software architects and more recently hardware architects. For any given project, teams must derive threat models and determine what assets require protection. For software security, a common resource used to identify potential vulnerabilities has historically been the MITRE Corporation.
MITRE began working on the issue of categorizing software weaknesses in 1999 when it launched the Common Vulnerabilities and Exposures (CVE®) List. As part of the development of the CVE list, MITRE’s team also developed a preliminary classification and categorization of vulnerabilities, attacks, faults, and other concepts to help define common software weaknesses. Today MITRE supplies the Preliminary List of Vulnerability Examples for Researchers (PLOVER), a working document that lists over 1,500 diverse, real-world examples of software vulnerabilities, as well as a list of Common Weakness Enumerations (CWE™).
The standardization of software weaknesses has spawned an entire software security industry to support it. This includes tools and services from well-known providers such as CAST®, IBM® Security Systems, the MathWorks®, Red Hat®, Synopsys® and others.
But what about hardware vulnerabilities? This whitepaper shows how hardware security is more efficient