Current devices are complex products: a result of an ecosystem effort, with HW and SW components provided by several manufacturers, across long supply chains. System-level threats may materialize in the interaction of diverse sub-systems and components, due to assumptions occurring at different stages of the production chain. This encompasses not only the design phase, but also (HW & SW) development, threat modeling and even security testing. This presentation explores some classes of such assumptions, as distilled by presenter’s experience. Relevant attacks such as "Timing Attacks against IoT devices" or "Bypassing an encrypted Secure Boot with Fault Injection" are also discussed. If you are involved in securing modern digital products, as a Developer, HW or SW System Architect, Product Security Manager or as a Security Researcher, you may find them interesting This talk has been presented at HITB Dubai 2018 security conference.