"We take security very seriously!" We have all heard this before, but it is more challenging to prove it than to say it. In the electronics industry we are eager to bring our concepts to life, and it can be a drag to make a pitstop and undergo a security audit. But the industry will be better off if we collectively establish sensible security standards and then adhere to them. The ioXt Alliance was created a few years ago by industry veterans to serve as the hatchery for this work. It is a device-level certification that includes 8 best practices for making secure hardware. We joined the alliance about a year ago and our flagship product was recently certified with the ioXt 2021 Base Profile:
It's worth noting that we did not hire security consultants or expensive add-on services in order to achieve this certification. There is a fee payable to ioXt but if this is viewed alongside other regulatory costs such as FCC, CE, or UL; it is a modest amount. We encourage other device makers to join the alliance (it's free), follow the standards they have defined, and certify products that have a market potential of $1M or more. Our customers deserve a simpler way to determine that we really do take security seriously.