7 Embedded Firmware Security Questions Risk Managers Should Be Asking


February 15, 2017

The security (or more likely, the insecurity) of embedded firmware running on connected IoT devices continuously comes to light. Risk managers and other stakeholders are compelled to address expanding and evolving IoT security issues, yet the odds are against them without a clear place to start.

Luckily, risk management professionals can begin with these 7 embedded firmware security questions when dealing with security on connected devices:

  1. Have secure coding practices been used to build this device?
  2. Has the compiled firmware image (or images) been tested for vulnerabilities?
  3. Has a firmware update process been defined?
  4. What are the possible threat environments for this device?
  5. Who's at risk should an attack occur on the device?
  6. Who's at risk should an attack occur using the device as an attack vector?
  7. Is there published information about using this type of device in attacks and, if so, what can be learned from this information and/or past attacks?

 

Learn more about Firmware Evaluation Services for Risk Mitigation.