Why Is Traceability Important?
Traceability is important. Why? Many organizations need to meet regulatory compliance in their industry or minimize risk.
In this blog, we discuss the importance of traceability by examining four real examples of where a lack of traceability caused issues for organizations, in some cases proving very costly.
Related blog >> What Is Traceability?
Why Is Traceability Important?
Traceability is important in the design and development processes. It ensures quality, manages the impact of change, mitigates security risk, and (in many industries) ensures that compliance requirements are met.
Examples: Why Traceability Matters
In the first example, a bug had affected processor cores. This company produces a family of processors, and in a given family all of the processors have much of the same technology, just with tweaks for different functionalities.
The way the bug worked was that there was a vulnerability in the IP itself, deep in the IP design, that allowed unauthorized agents to change the values inside of the processor and open it up to attack.
After the bug hit one of the processors, the problem was identified and a patch was issued. The fundamental issue they had, however, is they had no idea where else that IP was used. Sure enough, two weeks later, the same bug hit another processor in the family with the same issue, and another processor two weeks after that.
After initially finding the bug, they lacked the traceability to understand what other designs they had that could possibly be vulnerable to it. This ultimately cost a loss in market cap of nearly $1 billion as well as C-suite turnover.
In another example from this same company, an issue arose from hardware and software configuration — certain versions of software only work with certain versions of hardware.
A bug was found in the embedded software code for one family of products. To remedy this, they re-released the software. The issue was the underlying IP in the software used a fundamentally different version of the processor than others. This resulted in effectively killing the other processors, as they needed their own special software builds.
With greater traceability, there would have been a better understanding of the configuration between hardware and software and what versions of IP and specific requirements were needed on the software side for the processors to work.
Semiconductor and Computer Software Manufacturer
A U.S.-based engineer was working on their designs that could only be accessed in the United States. Whether working from the office or working from home, there were no issues.
The engineer traveled on business to one of their overseas locations. By the mere act of them opening their computer on the network, everything they had been working on in the U.S. was leaked overseas.
There was nothing nefarious going on, they were just doing their normal everyday work. But without traceability, there was no way to flag the workspace on their laptop as being populated with that IP while they were abroad and prevent the IP leakage.
How Many Millions Are You Willing to Set Aside to Address IP Leakage?
Leaks costs millions of dollars. In this white paper, we show how inadequate IP management can lead to vulnerabilities and how it can be addressed with a platform like Methodics IPLM.
The IP at this company is very hierarchical, with IPs built on top of other IPs, and lower level IPs getting integrated into those above them.
The issue here was there was one IP that was restricted and could only be used in the United States. During design integration, someone used that IP to build another IP, which later was used in a higher level IP. The restricted IP was buried deep in the hierarchy, and unfortunately, its security restrictions were never propagated to the higher level IP in the design.
Everything else about the design was fine, it could be brought anywhere in the world, but since that one IP was restricted it got lost in the complexity of the larger IP. Through no nefarious purposes, that IP was shared overseas, exposing this IP and creating a security violation.
Without traceability, there was no way of knowing that the IP should have inherited the properties of the IPs below it, which was further muddled by the complexity of the design.
Prioritize Traceability With Methodics IPLM
The common thread in all of these scenarios is in each instance they lacked not only the traceability needed for the design IP, but also the meta data — the who, what, when, where, why, and how of their IP.
You need to understand all aspects of your IP: who is developing it, where it’s being used, what version is being used, etc. Without this knowledge, innocent and common mistakes can open your company up to security and business risks that could cost millions of dollars.
The Methodics IPLM platform provides traceability of not only the design IP, but all of the meta data associated with that IP, helping companies avoid these costly mistakes.
Get in touch with one of our experts today. We’ll provide you with our white papers and other resources and provide guidance on how the full traceability solution of Methodics IPLM will help your business.
Explore additional semiconductor topics: