IEEE Cybersecurity Initiative recently issued a guidance for software developers that address medical device security.
The guidance, "Building Code for Medical Device Software Security," provides the blueprint to reduce or eliminate vulnerabilities that adversaries can exploit to gain access to medical devices.
“This is just a starting point that developers can use to rule out the most commonly exploited classes of software vulnerabilities during the implementation phase," said Carl Landwehr, IEEE Fellow and Research Scientist, Cyber Security Policy and Research Institute at George Washington University. "There is more work to do, so we encourage the industry to participate in our effort to create a foundation for a more complete code for the medical device industry to apply.”
The guidance was authored by Landwehr and fellow security research scientists Tom Haigh.