Mike is the Principal Security Technologist at Synopsys Inc. He has more than 25 years of leadership experience in security system and safety critical system engineering. He was founder and CTO of Elliptic Technologies, which was recently acquired by Synopsys. He has been an active contributor to the Security Task Group of IEEE 802.1; was an editor of the 802.1AR Secure Device Identifier standard; is a founding member of the prpl Foundation and co-chair of its security engineering group; chairs the EEMBC IoT security benchmark working group; and is vice-chair of the Accellera IP Security Assurance working group.
Certification gets you started, but it doesn’t provide an ongoing value-added stamp that this continues to be secure. And this is what really we’re talking about when we talk about having long-lived products that need to survive and be functional in an evolving threat environment. Regulation is one way to get that. Liability is another way to get it, but you still have to deal with the fact that companies will come and go. Depending on the industry, the lifetime of companies can be shorter than the lifetime of products. And that’s just a fact in which we operate. So that still needs to be dealt with.9 August 2021