Last fall, we posted a deep dive about supply chain security after reports of implants in SuperMicro servers affecting companies like Google and Amazon. This spring, supply chain security is back in the news again, after hackers targeted thousands of computers by gaining access to ASUS’s update servers and propagating signed malware to their victims.

At the heart of this problem is the question: How do we use machines we can’t trust? Whether bugs are in third party software, or hardware that is licensed, designed, and manufactured by hundreds of companies, it’s hard to have confidence in the computers and devices we rely on every day to run our lives and businesses.

Frankly speaking, our product is one answer to that question. But you’re not here for a product pitch and the purpose of this post is to discuss the ongoing challenge of balancing mistrust with utility.

​The single software component that contained the vulnerability of the camera, was used by the manufacturer not only in the firmware of the one camera model that we exploited, but also throughout the manufacturer's product line affecting more than just cameras. Furthermore, that same "design" (including the vulnerable component) was repeated by other manufacturers to make devices of all kinds (even desktop software)...all potentially vulnerable to the same bug.