Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Don Y Newsgroups: sci.electronics.design Subject: Re: Offshore firmware management Date: Sat, 25 May 2024 20:05:17 -0700 Organization: A noiseless patient Spider Lines: 23 Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Sun, 26 May 2024 05:05:30 +0200 (CEST) Injection-Info: dont-email.me; posting-host="e324dc6d5a27212bf284568b86948ba2"; logging-data="3427983"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19qSlGpE71cF3caIH8Cg/uO" User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2 Cancel-Lock: sha1:/WHrNV/5LJ/ZnXj0g/qhL1GfLuA= In-Reply-To: Content-Language: en-US Bytes: 2180 On 5/25/2024 8:01 PM, Don Y wrote: > On 5/25/2024 5:10 PM, Joe Gwinn wrote: >> On Sat, 25 May 2024 16:24:42 -0700, Don Y >> wrote: >> >>> When outsourcing manufacture, what steps are you taking to protect >>> your IP (in the form of firmware) from unauthorized copying/counterfeiting >>> by the selected vendor *or* parties that may have access to their systems? >> >> What is the capability and desire level of the threat actors?  If it's >> an intelligence agency of reasonable large country, you probably >> cannot do anything effective. > > No.  The concern is that the contracted manufacturer (or, anyone with > access to his information systems) decides to go into business in > direct competition, simply by selling YOUR device at a cut-rate price > (not having to recover the engineering/development/warranty/support > costs that you have) ... given that he has all (?) of the information to produce a device that can be drop-shipped to a customer.