[Owasp-leaders] medical device security

Andrew van der Stock vanderaj at owasp.org
Wed Jul 27 02:36:55 UTC 2016

Great work, Tom

Some things I've noticed:

The defensive programming stuff in there is good; but I would have loved to
have seen more resiliency being promoted rather than just alarming and
detection. Many devices need to keep on working in the face of attack, and
the people they notify might be nurses or techs, rather than security
specialists. I would have loved to have seen more on how to code on keeping
going in the face of utterly hostile attempts on the device.

It's a shame it didn't make any references to OWASP other than your and
Jonathan's affiliation. A lot of the topics covered in there are also
covered by us, and we have good materials for that. Hopefully, we can
either address this at OWASP by having content that is suited to this
material, or provide insight into our current material that this document
tries to cover.

A good first start, however. Good job! :)


On Wed, Jul 27, 2016 at 11:30 AM, Tom Brennan - OWASP <tomb at owasp.org>

> Recently a unique team of people were invited to work on standards to
> drive medical device security.  The output from this project is now
> publicly available and I wanted to share our work now that it is
> public with the global OWASP community.
> http://cybersecurity.ieee.org/images/files/images/pdf/building-code-for-medica-device-software-security.pdf
> --
> Tom Brennan
> GPG ID: DC6AA149
> https://www.linkedin.com/in/tombrennan
> The information contained in this message and any attachments may be
> privileged, confidential, proprietary or otherwise protected from
> disclosure. If you, the reader of this message, are not the intended
> recipient, you are hereby notified that any dissemination, distribution,
> copying or use of this message and any attachment is strictly prohibited.
> If you have received this message in error, please notify the sender
> immediately by replying to the message, permanently delete it from your
> computer and destroy any printout.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160727/68ef280a/attachment.html>

More information about the OWASP-Leaders mailing list