IEEE Cybersecurity Initiative Releases “Building Code for Medical Device Software Security”

May 22, 2015

Business Wire originally released 5-18-15

IEEE, the world's largest professional organization dedicated to advancing technology for humanity, today announced the release of Building Code for Medical Device Software Security, a set of guidelines to help companies establish a secure baseline for software development and production practices of medical devices. Authored by leading security research scientists Tom Haigh and Carl Landwehr, Building Code for Medical Device Software Security provides the blueprint to reduce or eliminate vulnerabilities that adversaries can exploit to gain access to medical devices.

Cybersecurity has become big business. Consultancies that advise companies on how to deal with attacks on their systems may reduce risks for the companies that hire them, but they are unlikely to reduce the problem of vulnerable software in commercial products. The companies producing software with embedded vulnerabilities are the only ones who can reduce those vulnerabilities at the point of origin and break the continual release-discover-patch cycle. Most exploited vulnerabilities are due to accidental implementation errors that can be avoided or significantly reduced through the use of specific programming languages and automated tools for checking software.

“Similar to building codes that were developed over centuries to guide the production of physical buildings, the elements contained in Building Code for Medical Device Software Security are intended as the beginning of a model code for software security for the medical device industry,” said Carl Landwehr, IEEE Fellow and Research Scientist, Cyber Security Policy and Research Institute at George Washington University. “This is just a starting point that developers can use to rule out the most commonly exploited classes of software vulnerabilities during the implementation phase. There is more work to do, so we encourage the industry to participate in our effort to create a foundation for a more complete code for the medical device industry to apply.”

The release of Building Code for Medical Device Software Security reflects the goal of the IEEE Cybersecurity Initiative to shape and lead a technical agenda by providing tools for computer security education, guidance on secure software coding and software assurance engineering. The IEEE Cybersecurity Initiative is a program of the IEEE Future Directions Committee, designed to develop and share educational tools, events and content for emerging technologies. To learn more, follow the IEEE Cybersecurity Initiative on Twitter, or visit

About IEEE

IEEE, a large, global technical professional organization, is dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is the trusted voice on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics. Learn more at
