Causes Of Memory Unsafety


Memory unsafety is a characteristic of many of today’s systems. The root cause of buffer bounds vulnerabilities such as buffer overflows and over-reads is unsafe programming. Major software vendors consistently report memory unsafety problems. For example, the Chromium open-source browser project has stated that 69% of CVEs (Common Vulnerabilities and Exposures) reported relate to memory... » read more

Securing Chip Manufacturing Against Growing Cyber Threats


Semiconductor manufacturers are wrestling with how to secure a highly specialized and diverse global supply chain, particularly as the value of their IP and their dependence upon software increases — along with the sophistication and resources of the attackers. Where methodologies and standards do exist for security, they often are confusing, cumbersome, and incomplete. There are plenty of... » read more

Common Weakness Enumeration


Understanding potential design vulnerabilities up front can help prevent future cyberattacks. Jason Oberg, CTO at Tortuga Logic, talks with Semiconductor Engineering about why CWE is so important, when it needs to be considered, and why no hardware design is completely bulletproof. » read more

2021 Software Vulnerability Snapshot


The Synopsys Cybersecurity Research Center (CyRC) examined anonymized data from thousands of commercial software security tests performed by Synopsys application security testing services in 2020. The CyRC team measured this data against the 2021 OWASP Top 10 list of the most critical security risks to web applications. Key findings in the report include: 97% of tests uncovered vul... » read more

Securing 5G And IoT With Fuzzing


5G will revolutionize many industries, with up to 100 times the speed, 100 times the capacity, and one-tenth the latency compared to 4G LTE. But in addition to providing superior performance, 5G expands the attack surface of apps and IoT devices that rely on this next-gen network. In addition to known security exploits, we’re bound to see unknown, novel attacks. Fuzz testing (or fuzzing)... » read more

SoC Verification From Pre-Fabrication To The Over-the-Air Update


The recent news of attacks on system infrastructures serves to highlight that hardware vulnerabilities in the supply chain are not only possible but inevitable if proper precautions are ignored. Verification throughout the entire supply chain is necessary to ensure the safety and security of hardware. Starting as early as the pre-fabrication stage, vulnerabilities, if left unchecked, can be an o... » read more

Guiding Principles To Ensure Your Hardware Is Secure


Modern society relies on complex, intelligent electronic systems. Automotive, avionics, medical, smartphones, communication and 5G networks, critical infrastructure, data centers, and other applications are ever more dependent on integrated circuits (ICs) that deliver high performance, low power consumption, safety, cybersecurity, and continuity of operation. Hardware is so central to compe... » read more