The Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list.
Composed of the most frequent and critical errors that result in serious hardware vulnerabilities, the list includes a total of 12 entries, with five additional weaknesses that scored just outside the final list also mentioned.
The list is meant to raise awareness of common hardware weaknesses and to help prevent hardware vulnerabilities at the source.
In addition to instructing designers and programmers on how errors can be eliminated during product development, the list can help analysts and engineers plan security testing and evaluation, as well as consumers to ask suppliers to deliver more secure hardware.
The list is also expected to help managers and CIOs assess the progress of their efforts to secure hardware and to decide where resources should be directed to build tools and automation processes to mitigate a wide class of vulnerabilities.
The final 2021 CWE Most Important Hardware Weaknesses list includes the 12 entries that scored highest during analysis.
In a similar way to the CWE Top 25 Most Dangerous Software Weaknesses, the CWE team feels it is important to share these five additional hardware weaknesses that were supported by the Hardware CWE SIG yet ultimately scored just outside of the final 2021 CWE Most Important Hardware Weaknesses list.
Individuals that perform mitigation and risk decision-making using the 2021 CWE Hardware List may want to consider including these additional weaknesses in their analyses. Weaknesses on the Cusp are listed in numerical order by CWE-ID.
|CWE-226||Sensitive Information in Resource Not Removed Before Reuse|
|CWE-1247||Improper Protection Against Voltage and Clock Glitches|
|CWE-1262||Improper Access Control for Register Interface|
|CWE-1331||Improper Isolation of Shared Resources in Network On Chip (NoC)|
|CWE-1332||Improper Handling of Faults that Lead to Instruction Skips|
The only solution is for data security products that actually protect the data itself.
The Helix22 data security SDK protects all data at rest, in use and in transit.
BLAKFX is Based on Success
Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then. Dr. Statica also delivered the encryption for the world’s most secure phone, Katim.
Founder – Robert Statica PhD Founder – Kara Coppa Founder – Alex Maslov MS, MBA
Co-Founders of Wickr KatimTM Ultra Secure Smartphone