Securing RISC-V Third-Party IP: Enabling Comprehensive CWE-Based Assurance Across the Design Supply Chain
The article discusses the importance of securing RISC-V third-party IP (3PIP) in the design supply chain to ensure comprehensive assurance. A Common Weakness Enumeration (CWE)-based methodology is proposed for structured security validation, replacing ad hoc reviews with measurable validation. The methodology enables scalable assurance for RISC-V cores by creating reusable security requirement templates and verification properties. A use case with SiFive X280 3PIP Assurance demonstrated successful analysis of CWEs, highlighting the importance of eliminating uncertainty in design implementation. By reducing non-recurring engineering (NRE) effort through reusable assurance templates, the methodology aims to strengthen the design supply chain for RISC-V and beyond, providing measurable confidence and reducing integration uncertainty.