Why We Need a CWE System for Hardware Security

Today, cyber security attacks are becoming more prevalent and advanced than ever before, introducing a heightened need for better security. Implementing hardware-based security is widely recognized as a best practice, including technologies such as Intel SGX, Intel Boot Guard, Intel Hardware Shield and others.

The existing Common Weakness Enumeration (CWE) system and Common Vulnerability and Exposures (CVE) system are excellent software vulnerability resources for researchers, architects and developers, but the industry needs a better and more in-depth understanding of the common hardware security vulnerabilities taxonomy. The CWE could be enhanced to include information about how hardware-specific vulnerabilities get introduced into products, how they can be exploited, their associated risks, as well as best practices to prevent and identify them early on in the product development lifecycle.

Read the complete article from Intel researcher Jason Fung at Help Net Security on how the industry would benefit from a standardized hardware CWE.

Jerry Bryant
Director of Communications
Intel Product Assurance and Security