FAILURE AND HAZARD ANALYSIS
One major point of failure our product will have to contend with is a security breach that could put our customers' personal data at serious risk. As the developer of a security-oriented product, we have an obligation to be especially careful with our customers' information and digital wellbeing.
These breaches can come in the form of hardware- or software-based attacks. The following lists each type of attack and what we can do to prevent it.
Hardware Attacks:
Reduce input/output ports to an absolute minimum - fewer ports means fewer physical entry points through which data could be siphoned off the device
Use strong materials to resist brute-force physical attacks on our device - this keeps potential attackers from reaching the internal circuitry, which could otherwise be used to intercept signals and data
Minimize the number of components in the housing - this reduces the number of points of failure in the housing and makes the device harder to physically brute force.
Software Attacks:
Protect the encryption used on sensitive user data passed to user devices, so that an attacker cannot decrypt it
Minimize the volume of data the device outputs, so potential hackers can glean as little information as possible from it
NO WIRELESS CONNECTIONS - wireless connections produce signals that could be intercepted by attackers and subjected to decryption attempts. The best way to avoid this issue is to not include the feature at all.
The same applies to an internet connection. Our device would require no internet connection at all to function.
No back doors or recovery tools - recovery tools for our device would be detrimental because, if they fell into the wrong hands, they could be used maliciously to intercept user data. The same can be said of built-in, software-defined "backdoors," which are also often used for recovery purposes. Our device has no need for either: credentials can always be reset through their respective user's account, and the scanner can be reprogrammed to contain all the necessary credentials strictly at the user's volition.
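The "reset, don't recover" design above can be made concrete. The following Python model is an added illustration written for this document, not code from the project: it assumes the scanner holds the enrolled credentials as salted PBKDF2 verifiers (an assumption, the page does not say how credentials are stored), that the owner's account service proves its approval of a reprogramming request with an HMAC over a fresh challenge, and that the class deliberately exposes no export or recovery operation. The names CredentialScanner, owner_approval and demo, and the sample secrets and badge names, are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for this example; a real deployment would take them
# from the owner's account service and the credentials actually enrolled.
ACCOUNT_SECRET = b"owner-account-secret-example"
ENROLLED = {"badge-0001": b"badge-secret-A", "badge-0002": b"badge-secret-B"}


class CredentialScanner:
    """Toy model of the scanner's credential store (hypothetical class).

    There is no recovery or export path. The only write operation is
    reprogram(), which wipes the store and provisions a fresh set, and it
    runs only when the owner's account authorizes it. Credentials are held
    as salted PBKDF2 verifiers (assumed here), so a dump of the store does
    not yield the secrets themselves.
    """

    PBKDF2_ROUNDS = 100_000

    def __init__(self, account_secret: bytes):
        # The scanner keeps only a key derived from the account secret,
        # never the account secret itself.
        self._account_key = hashlib.sha256(account_secret).digest()
        self._store: dict[str, tuple[bytes, bytes]] = {}

    def new_challenge(self) -> bytes:
        # Fresh per-request nonce so a captured approval cannot be replayed.
        return secrets.token_bytes(32)

    def _authorized(self, challenge: bytes, response: bytes) -> bool:
        expected = hmac.new(self._account_key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def reprogram(self, challenge: bytes, response: bytes, credentials: dict) -> bool:
        """Wipe and re-provision. Returns False, changing nothing, unless the
        response proves the owner's account approved this exact challenge."""
        if not self._authorized(challenge, response):
            return False
        self._store.clear()  # nothing from the previous set survives
        for name, secret in credentials.items():
            salt = secrets.token_bytes(16)
            digest = hashlib.pbkdf2_hmac("sha256", secret, salt, self.PBKDF2_ROUNDS)
            self._store[name] = (salt, digest)
        return True

    def verify(self, name: str, secret: bytes) -> bool:
        """Check a presented credential against its stored verifier."""
        entry = self._store.get(name)
        if entry is None:
            return False
        salt, digest = entry
        candidate = hashlib.pbkdf2_hmac("sha256", secret, salt, self.PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, candidate)

    def enrolled_names(self) -> list[str]:
        return sorted(self._store)


def owner_approval(account_secret: bytes, challenge: bytes) -> bytes:
    """Stands in for the owner's account service signing off on a reprogram."""
    key = hashlib.sha256(account_secret).digest()
    return hmac.new(key, challenge, hashlib.sha256).digest()


def demo() -> dict:
    """Walk through the reset-instead-of-recover flow; returns each observation."""
    scanner = CredentialScanner(ACCOUNT_SECRET)
    results = {}

    # 1. A request not backed by the owner's account is refused and changes nothing.
    chal = scanner.new_challenge()
    results["unauthorized_rejected"] = not scanner.reprogram(chal, b"\x00" * 32, ENROLLED)
    results["store_untouched"] = scanner.enrolled_names() == []

    # 2. The owner provisions the scanner; enrolled credentials then verify.
    chal = scanner.new_challenge()
    results["provisioned"] = scanner.reprogram(chal, owner_approval(ACCOUNT_SECRET, chal), ENROLLED)
    results["good_credential"] = scanner.verify("badge-0001", b"badge-secret-A")
    results["bad_credential"] = not scanner.verify("badge-0001", b"wrong")

    # 3. Replaying the approval from step 2 against a new challenge fails.
    replayed = owner_approval(ACCOUNT_SECRET, chal)
    results["replay_rejected"] = not scanner.reprogram(scanner.new_challenge(), replayed, ENROLLED)

    # 4. A lost credential means a reset: the old set is wiped, never recovered.
    chal = scanner.new_challenge()
    scanner.reprogram(chal, owner_approval(ACCOUNT_SECRET, chal), {"badge-0003": b"badge-secret-C"})
    results["old_credential_gone"] = not scanner.verify("badge-0001", b"badge-secret-A")
    results["new_set_only"] = scanner.enrolled_names() == ["badge-0003"]
    return results


if __name__ == "__main__":
    for key, ok in demo().items():
        print(f"{key:24} {'ok' if ok else 'FAIL'}")
```

The point of the model is what is absent: no method returns a stored secret, and no approval works twice, so the only way to deal with a lost credential is the reset-and-reprogram path the analysis describes.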
Ultimately, one objective we can take on in the long term is to invest in a cybersecurity team that would ensure the security of any proprietary software we produce, both for the device itself and for the user equipment that requires it.