Building security and privacy into product development is more critical today than ever before. First introduced through the Microsoft Trustworthy Computing initiative in the early 2000s, the well-known security development lifecycle (SDL) is a framework designed to do just that. It was originally devised to enhance software security, but an SDL process can and should be applied to all types of products to help root out security and privacy vulnerabilities, while establishing long-term resilience in the rapidly evolving threat landscape.
At Intel, for instance, we’ve taken a holistic approach to SDL, customizing the process to address the highly integrated nature of hardware, firmware and software development. Why? Security researchers and bad actors alike are increasingly focused on trying to identify hardware vulnerabilities. Additionally, hardware security presents a pair of inherent challenges not found in software. First, hardware development cycles are generally longer and more complex due to the coordination required across the manufacturing process, requirements for specialized components, testing processes in diverse conditions and more. Second, hardware updates are often far more difficult because of physical limitations on the amount of code that fits in a piece of hardware, constant uptime requirements, integration with firmware or software, etc.