|
|
|
|
|
|
by s4mw1se
738 days ago
|
|
|
security starts at the shipping port Just seeing a flood of comments of everyones cheap $10 dollar devices got me thinking… How do you actually check the integrity of the HSM, both at the software level and hardware level? The companies hosted open source repo is only worth a shit if you can verify the integrity of the software on the device. Do any vendors ship with verifiable Hardware Bill of Materials and Software Bill of materials? How do you know the device you got 2 years ago didn’t have a zero day in a common library disclosed a year after? Because if you can’t continuously check the integrity of your device… well you don’t know if it’s actually secure. |
|
|
Traditionally, the industry has been addressing this via audits and commercial agreements.