IEEE Releases “Building Code for Medical Device Software Security”Engineering360 News Desk | May 19, 2015
IEEE has released a set of guidelines that establish a baseline to enable secure software development and production practices of medical devices.
The guideline, Building Code for Medical Device Software Security—written by research scientists Tom Haigh and Cark Landwehr—provides a blueprint for reducing and eliminating vulnerabilities that can be exploited to access medical devices.
“Similar to building codes that were developed over centuries to guide the production of physical buildings, the elements contained in Building Code for Medical Device Software Security are intended as the beginning of a model code for software security for the medical device industry,” says Landwehr, IEEE Fellow and Research Scientist, Cyber Security Policy and Research Institute at George Washington University.
“This is just a starting point that developers can use to rule out the most commonly exploited classes of software vulnerabilities during the implementation phase,” he says. “There is more work to do, so we encourage the industry to participate in our effort to create a foundation for a more complete code for the medical device industry to apply.”
With this guideline, the goal is for companies to proactively protect against cyberattacks on software in commercial products, and reduce the number of accidental implementation errors that allow intruders to gain access.