[trustable-software] I fear we need trustable hardware too...
paul.sherwood at codethink.co.uk
Thu Jan 4 11:10:21 GMT 2018
When this discussion list in 2016 we were already seeing enough news
headlines to realise the scale of the elephant in the room for software
Now it's becoming clear  with the discovery of the Meltdown + Spectre
 vulnerabilities (and Rowhammer), we have to think about the elephant
underneath... in the hardware.
My immediate emotional reaction has been to worry that this is just
another signal that what we're thinking about is futile. What's the
point of trustable software, if we can't trust the hardware?
After reflection and discussions with colleagues, we broadly concluded
that discovering a secret tunnel into the basement doesn't reduce the
need for us to fix the front door lock.
I need to re-scope and re-think some of my presentations and diagrams to
include hardware, and expressly escalating hardware risks for customer
But I'm interested to get others' thoughts on this, in the aftermath...
- are we wasting our time?
- is there any of what we are thinking about that re-applies to
More information about the trustable-software