The Cybersecurity and Infrastructure Security Agency (CISA) today announced the first-ever 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List of common and especially serious mistakes in hardware that can lead to serious security vulnerabilities.
Among the hardware weaknesses are system-on-a-chip, lock bit issues, firmware that can't be updated, and unprotected physical side channels.
"Security analysts and test engineers can use the list in preparing plans for security testing and evaluation. Hardware consumers could use the list to help them to ask for more secure hardware products from their suppliers," according to the CWE site. "Finally, managers and CIOs can use the list as a measuring stick of progress in their efforts to secure their hardware and ascertain where to direct resources to develop security tools or automation processes that mitigate a wide class of vulnerabilities by eliminating the underling root cause."
Read more here.