BlakFXCybersecurityHackingNSASecurity AuditUncategorizedWork

CISA Releases List of Most Important Hardware Weaknesses

The Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list.

Composed of the most frequent and critical errors that result in serious hardware vulnerabilities, the list includes a total of 12 entries, with five additional weaknesses that scored just outside the final list also mentioned.

The list is meant to raise awareness of common hardware weaknesses and to help prevent hardware vulnerabilities at the source.

In addition to instructing designers and programmers on how errors can be eliminated during product development, the list can help analysts and engineers plan security testing and evaluation, as well as consumers to ask suppliers to deliver more secure hardware.

The list is also expected to help managers and CIOs assess the progress of their efforts to secure hardware and to decide where resources should be directed to build tools and automation processes to mitigate a wide class of vulnerabilities.

The final 2021 CWE Most Important Hardware Weaknesses list includes the 12 entries that scored highest during analysis.

 2021 CWE Most Important Hardware Weaknesses

In a similar way to the CWE Top 25 Most Dangerous Software Weaknesses, the CWE team feels it is important to share these five additional hardware weaknesses that were supported by the Hardware CWE SIG yet ultimately scored just outside of the final 2021 CWE Most Important Hardware Weaknesses list.

Individuals that perform mitigation and risk decision-making using the 2021 CWE Hardware List may want to consider including these additional weaknesses in their analyses. Weaknesses on the Cusp are listed in numerical order by CWE-ID.

CWE-226 Sensitive Information in Resource Not Removed Before Reuse
CWE-1247 Improper Protection Against Voltage and Clock Glitches
CWE-1262 Improper Access Control for Register Interface
CWE-1331 Improper Isolation of Shared Resources in Network On Chip (NoC)
CWE-1332 Improper Handling of Faults that Lead to Instruction Skips

The only solution is for data security products that actually protect the data itself.

The Helix22 data security SDK protects all data at rest, in use and in transit.

Review Helix22 API, examples and documentation on our GIT

 

BLAKFX is Based on Success

Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then. Dr. Statica also delivered the encryption for the world’s most secure phone, Katim.

                                                                                         

Founder – Robert Statica PhD            Founder – Kara Coppa                   Founder – Alex Maslov MS, MBA                    

 

                               

Co-Founders of Wickr                    KatimTM Ultra Secure Smartphone

 

The wrold's foremost B2B and B2G data security product.
Helix22 – Zero Risk