Five Tips to Avoid Security Errors in Product Development
White Papers
Riscure, now part of Keysight, has been helping chip vendors and device manufacturers improve the security of their products for years. The security scenario has changed a lot over time. The attacker profile evolved from individuals motivated by curiosity, with very limited resources and attack potential, to well-funded and organized adversaries with malicious motivations and the capacity to execute very sophisticated attacks. At the same time, security awareness also increased significantly. While designers and developers today are more educated and prepared than ever to protect their products against security threats, they still repeatedly make many avoidable mistakes.
Over the last 20 years, Keysight’s security analysts have seen every kind of embedded system, device, and chip imaginable. We have seen vulnerabilities ranging from simple mistakes to major new issues. Ultimately, the root problem for each of these issues is often the lack of knowledge or information.
We asked our world class group of analysts and in this paper, we present the most common issues, categorized by knowledge areas, and recommendations that can help mitigate these issues. Although the collected issues and recommendations are focused on the chip and embedded systems market, most of them are applicable to any other industry.