A blog by Oleg Shilovitsky
Information & Comments about Engineering and Manufacturing Software

The importance of software BOM for hardware security

The importance of software BOM for hardware security
Oleg
Oleg
27 January, 2015 | 3 min for reading

smart-products-bom

We live in the era of smart products. Modern smartphones is a good confirmation to that. The average person today keeps in his pocket a computer with computational capability equal or even more than computer that aerospace and defense industry used for navigation. In addition to that, you smartphone has communication capability (Wi-Fi and Bluetooth) which makes it even more powerful. If you think about cost and availability of boards like raspberry pi and Arduino, you can understand why and how it revolutionize many products these days. Although, wide spread of these devices has drawbacks.

Smart products are bringing a new level of complexity everywhere. It starts from  engineering and manufacturing where you need to deal with complex multidisciplinary issues related to combination of mechanical, electronic and software pieces. The last one is a critical addition to product information. Bill of materials has to cover not only mechanical and electronic parts, but also software elements.

Another aspect is related to operation of all smart products. Because of connectivity aspects of products, the operation is required to deal with software, data and other elements that can easy turn your manufacturing company into web operational facility with servers, databases, etc.

As soon as devices are exposed to software, the problem of software component traceability is getting critical. Configuration management and updates is a starting point. But, it quickly coming down to security, which is very critical today.

GCN article – How secure are your open-source based systems?  speaks about problem of security in open source software. Here is my favorite passage:

According to Gartner, 95 percent of all mainstream IT organizations will leverage some element of open source software – directly or indirectly – within their mission-critical IT systems in 2015. And in an analysis of more than 5,300 enterprise applications uploaded to its platform in the fall of 2014, Veracode, a security firm that runs a cloud-based vulnerability scanning service, found that third-party components introduce an average of 24 known vulnerabilities into each web application.

To address this escalating risk in the software supply chain, industry groups such as The Open Web Application Security Project, PCI Security Standards Council and Financial Services Information Sharing and Analysis Center now require explicit policies and controls to govern the use of components.

Smart products are also leveraging open source software. The security of connected devices and smart product is a serious problem to handle. Which brings me to think about how hardware manufacturing companies can trace software elements and protect their products from a potential vulnerability.

What is my conclusion? To cover all aspects of product information including software becomes absolutely important. For many manufacturing companies the information about mechanical, electronic and software components is siloed in different data management systems. In my 2015 PLM trends article, I mentioned the importance of new tools capable to manage multidisciplinary product information. Software BOM security is just one example of the trend. The demand to provide systems able to handle all aspect of product BOM is increasing. Just my thoughts…

Best, Oleg

photo credit: JulianBleecker via photopin cc

Recent Posts

Also on BeyondPLM

4 6
21 March, 2011

One of my blog readers shared with me slides of Paul Saunders presentation about MRO software from the Miami Aircraft...

19 August, 2009

I’m constantly looking for new technologies and perspectives of PLM improvement. For the last time, we discussed many products and...

20 August, 2010

The following publication in VEKTORRUM got me to review again a book “3D Manufacturing Innovation” by Dr. Hiroshi Toriya. I...

25 July, 2011

I can see cloud PLM is trending. The announcements about running on Amazon are coming from multiple vendors. Dassault just...

16 January, 2014

Last year I was writing about PLM and PaaS dilemma. As we move more into diversity of cloud PLM options,...

1 December, 2019

I’ve been following Autodesk development in PDM and PLM space for the last decade. You can check some of my...

5 July, 2010

Last week I wrote about PLM and Open Source Big Games. One of my conclusions was that PLM Open Source...

7 December, 2018

For many years, PLM companies lived with the vision and value proposition of single source of truth (SSOT). Last month...

13 April, 2010

The number of companies and products that are trying to jump into the social tools bandwagon is growing. At the...

Blogroll

To the top