HARDWARE.md

September 9, 2023 ยท View on GitHub

The Software Supply Chain Stages

PeopleLocal ReqsSource CodeIntegrationDeploymentRuntimeHardwareDNSServicesCloud
DevelopersIDELanguagesSCM providersBuild solutionsServersEmbedded PCURLSaaS solutionsCDN
QA teamSCVFrameworksPull requestsDeployment platformsOperating systemsPCBhostnameThird party APIsCloud services
DevOps teamLocal testsLibrariesSecrets mgmtReleasesWebserversUSB donglePayment gateways
Package MaintainersGit reposPackage ManagersGit reposFunctional testsApplication serversGPU/CPUIdentity Providers
Page BuildersPackagesSecurity testsWeb enginesAnalytics
Open sourceAPI test frameworksDatabasesProxies
Proprietary CodeUnit tests
PeopleLocal ReqsSource CodeIntegrationDeploymentRuntimeHardwareDNSServicesCloud

Hardware

This includes any specific or customized piece of hardware for this application to run.

What's in scope?

  • Proprietary devices
  • Dedicated servers

Examples

Embedded devices, custom PCBs, GPUs

Who owns it?

  • Operations team
  • Cloud provider

What are the security concerns?

  • Hardware devices come with embedded software that is an attack vector
  • Theft of small portable devices like USB keys
  • Modification of the devices by malicious actors

How do I secure it?

  • Buy from known supplier
  • Network analysis so you can detect malicious "phone home"
  • Physical isolation and/or network segmentation