Open source by itself doesn’t guarantee security. It still comes down to the fundamentals of design.
When the Meltdown and Spectre vulnerabilities were first uncovered in 2018, they heralded an industry-wide shift in perspective regarding processor security. As the IBM X-Force Threat Intelligence Index put it the following year, “2018 ushered in a new era of hardware security challenges that forced enterprises and the security community to rethink the way they approach hardware security.”
RISC-V is coming of age in that new era, benefiting both from lessons learned in the past and from the broad range of contributions by its open-source community.
For most attacks, threat actors don’t care which processor they might be targeting. “If someone’s doing spear phishing, it relies on you clicking on a URL,” said Rupert Baines, Codasip’s chief marketing officer. “It doesn’t matter whether you’re running an Intel processor or an Arm M2. If you click on that link, you’re vulnerable. And a lot of attacks are like that.”