Open Source Value Chains for Addressing Security Issues Efficiently

It is suggested to improve the level of security by applying the open source paradigm to the entire IT supply chain and by subjecting the resulting components to verification when required. This would lead to a new trajectory for IT product development which could even increase the efficiency of addressing novel types of hardware-oriented attacks or employing stealthy hardware features. This could require increased transparency of semiconductor fabs. For designing open hardware several nuclei already exist. The proposed path would hold particular promise for security-critical components, which could be specified in such a way as to precisely match hardware characteristics. As some components would continue to be built using existing components for some time, a generalized a priori statement about the security of the complete supply chain, such as "verified" or "proven", will initially be impossible.