When we consider software security, we often tend to think only about cloud and mobile applications. What’s often missing in our discussions is the software that exists within hardware components, namely firmware. In today’s world, where attacks can occur at the software or hardware layers, we need to extend our traditional software security models to include product firmware.
There are some trends that indicate product security is highly relevant today. We see a proliferation of IoT devices, along with the integration of OT and IT in critical infrastructure or industrial environments, and the impact of software layer breaches traced to product firmware vulnerabilities. All of this points to the need for us to consider the creation of secure products that encompass both software and firmware.