"A Case for Establishing a Common Weakness Enumeration for Hardware Security"
Attacks on modern computers are growing more frequent, pervasive, and sophisticated because they are impacting not only the software layer but also the hardware layer. The industry is bolstering efforts to deliver microarchitectural improvements that address hardware-based security. However, the industry needs a better understanding of the taxonomy of common hardware security vulnerabilities. There must be information on how vulnerabilities in products emerge, how they can be exploited, and the related risks, as well as on how architects and developers can prevent and identify security flaws in the design and development of products. MITRE's Common Weakness Enumeration (CWE) system and Common Vulnerabilities and Exposures (CVE) system do not categorize hardware-centric weaknesses. The absence of reference materials for hardware vulnerabilities in the CWE makes it difficult for researchers to share information about such vulnerabilities and for hardware vendors to develop more secure solutions. Therefore, a standardized hardware CWE is needed. The article goes on to discuss the importance of hardware-based security, the difference between the CWE and CVE systems, and how the industry would benefit from a standardized hardware CWE.