These principles capture best practices for collaborating on hardware and software security to deliver projects and products that meet the requirements of system integrators, operators, deployers, and end users. The Chromium project’s Core Principles for security were a source of inspiration, but these principles dive into the realm of hardware engineering.
Security as a shared responsibility
- Security is a horizontal that crosses all verticals. Teams should collaborate on security between all groups across hardware and software.
- Teams should include people with specific security knowledge and experience but also work to empower everyone to make good security decisions.
- Automated tools to test and validate hardware and software security augment human security knowledge and review, improve security integration across components and layers of the hardware and software stack, and prevent regressions.
- Consider how and when system integrators, operators, deployers, and end users make security-sensitive decisions and invest in helping them make better decisions.
- Design security features with sane defaults and limit the proliferation of options to make it easier to build safe server and workload deployments and verify the security of systems.
- When considering security features, weigh trade-offs between security, performance, reliability, usability, and power.
Design for security
- Like performance, power, and die area, security should be on every engineer’s mind through every stage of design and development. Trying to bolt on security as an afterthought is rarely effective.
- Design for defense in depth: hardware is the lowest layer of a secure system. Designing multiple layers of defenses through the software and hardware helps avoid single points of failure and limits the impact of successful attacks. Hardware security partly depends on the software, and software security partly depends on the hardware.
- Design for serviceability: make it possible to deliver security fixes to end users quickly and easily. As far as possible, aim to provide updates without interruption to service.
Be responsive & transparent
- Acknowledge that security is a perpetual challenge. Take security seriously and work hard at it, but accept that you will never be “done” with security work. Perfect security is a myth, and real security is a constant effort.
- Be honest and open about the security capabilities of the hardware. Don’t try to downplay security impacts or hide vulnerabilities. Practice responsible disclosures.
- Listen to users and respond to their needs. Aim to deliver fixes or workable solutions as quickly as possible.
- Every security report is an opportunity to learn and improve. Practice blameless retrospectives.
- Security is not a zero-sum game. We’re all better off when everyone employs the best hardware security tools, techniques, and standards.
- Work closely with system integrators, operators, deployers, end-users, vendors, contractors, and researchers, to help raise the bar for security in the industry by collaborating on open standards, open hardware, and open source projects.
- Benefit from security knowledge, tools, techniques, standards, and solutions from others.
- Release security technologies as open source, open hardware, and open standards.
Licensed under Creative Commons Attribution 4.0 International