Internet of Things Survey

1. How well has your design implemented a trusted boot process and how effective are your countermeasures?

We are not familiar with these implementations and do not have any countermeasures.

We are not very familiar with the measures mentioned and currently do not have any implementations.

We have some idea of the measures mentioned. Our design is enhanced to compensate for some attacks, but given more funding we would be able to implement more countermeasures.

We have a good understanding of a majority of the measures mentioned, and certain countermeasures have already been deployed.


We have a clear idea of vulnerabilities (e.g. Boot mode switching, bootloader validation) and have implemented efficient countermeasures.


2. How well has your design implemented protections and countermeasures for hardware exploitation?

We are not familiar with the implementations and do not have any countermeasures.

We are not very familiar with this area of exploitation and do not currently have any countermeasures.

We have some idea of this area of exploitation. Our design is enhanced to compensate for more general attacks, but given more funding we would be able to implement more countermeasures.

We have a good understanding of a majority of the attacks in this area, and certain countermeasures have already been deployed.

We have a clear idea of every vulnerability in this area (e.g. Disabling debug ports, balancing encryption and decryption), and have implemented every possible countermeasure in our implementation.


3. How well has your design implemented protections and countermeasures for chip-level exploitation?

We are not familiar with the implementations and do not have any countermeasures.

We are not very familiar with this area of exploitation and do not currently have any countermeasures.

We have some idea of this area of exploitation. Our design is enhanced to compensate for more general attacks, but given more funding we would be able to implement more countermeasures.

We have a good understanding of a majority of the attacks in this area, and certain countermeasures have already been deployed.

We have a clear idea of every vulnerability in this area (e.g. laser attacks, SEM circuit editing), and have implemented every possible countermeasure in our implementation.


4. How well has your design implemented protections and countermeasures against encryption-based attacks?

We are not familiar with the implementations and do not have any countermeasures.

We are not very familiar with this area of exploitation and do not currently have any countermeasures.

We have some idea of this area of exploitation. Our design is enhanced to compensate for more general attacks, but given more funding we would be able to implement more countermeasures.

We have a good understanding of a majority of the attacks in this area, and certain countermeasures have already been deployed.

We have a clear idea of every vulnerability in this area (e.g. Utilizing sub-standard encryption algorithms, not utilizing encrypted channels), and have implemented every possible countermeasure in our implementation.


5. How well has your design implemented protections and countermeasures against remote attacks?

We are not familiar with the implementations and do not have any countermeasures.

We are not very familiar with this area of exploitation and do not currently have any countermeasures.

We have some idea of this area of exploitation. Our design is enhanced to compensate for more general attacks, but given more funding we would be able to implement more countermeasures.

We have a good understanding of a majority of the attacks in this area, and certain countermeasures have already been deployed.

We have a clear idea of every vulnerability in this area (e.g. Exploiting wireless debug ports, etc.), and have implemented every possible countermeasure in our implementation.


6. How well has your design implemented protections and countermeasures against software exploitation?

We are not familiar with the implementations and do not have any countermeasures.

We are not very familiar with this area of exploitation and do not currently have any countermeasures.

We have some idea of this area of exploitation. Our design is enhanced to compensate for more general attacks, but given more funding we would be able to implement more countermeasures.

We have a good understanding of a majority of the attacks in this area, and certain countermeasures have already been deployed.

We have a clear idea of every vulnerability in this area (e.g. Stack overflow, fuzzing, etc.), and have implemented every possible countermeasure in our implementation.


7. Overall, how prepared are you to deal with reported vulnerabilities?

You mean hackers? They should go to jail for what they find in our products!

We know of people who report vulnerabilities but do not have a system implemented to deal with these problems. We do not attend security conferences to learn more about these systems.

We have some people who report vulnerabilities to us, though we do not have a formal bug bounty program. Usually these vulnerabilities end up in the designers' hands to deal with.

We have a good relationship with individuals who report vulnerabilities. We also have a bug bounty program and a dedicated department to deal with this. However, it could be expanded and optimized further.

Reported vulnerabilities are very well dealt with. We encourage individuals to find and report vulnerabilities through a bug bounty program. We also give rewards for finding vulnerabilities and have a dedicated department to deal with these things.