Security News > 2020 > January > A case for establishing a common weakness enumeration for hardware security

A case for establishing a common weakness enumeration for hardware security
2020-01-13 08:46

Combined with the fact that we are seeing increasingly sophisticated methods to exploit hardware by chaining them together with software vulnerabilities, it's evident that the industry needs a better and more in-depth understanding of the common hardware security vulnerabilities taxonomy, including information on how these vulnerabilities get introduced into products, how they can be exploited, their associated risks, as well as best practices to prevent and identify them early on in the product development lifecycle.

Today, a key resource for tracking software vulnerabilities exists in MITRE's Common Weakness Enumeration system, which is also complemented by the Common Vulnerability and Exposures system.

With the growing awareness of hardware vulnerabilities, the CWE could be enhanced to include relevant entry points, common consequences, examples, countermeasures and detection methods from the specific hardware perspective.

If we expect hardware vendors and their partners to collectively deliver more secure solutions, we must have a common language for discussing hardware security vulnerabilities.

Over the past few years, Intel researchers have been active in raising public awareness on common hardware security vulnerabilities.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/gwuwyQuPOww/