Assuring software and hardware security and integrity throughout the supply chain

Abstract

There is much talk in government and private sector circles about setting up additional test laboratories for certifying commonly-used software and hardware products. It has also been suggested that quality control and oversight be included at each step of the supply-chain. However, reviews are typically done after-the-fact, and have much less value for controlling processes. Often only when malware or rogue components are discovered in final products are more thorough audits initiated. By then it is often too late to retrieve items already in production. Much damage could have already occurred by the time a recall takes effect. The author has long supported supply-chain customers and entities installing sensors to monitor processes and products throughout the supply-chain life cycle. At various stages, products and services should be sent to laboratories for testing or be subjected to internal tests to verify that they comply with design specifications and external requirements.