Developers of medical device software should use secure coding standards that address known memory access vulnerabilities to protect their products from hacking, a new report says.
The right choice of programming language can help prevent memory errors that make it easy for hackers to break into a system. The Institute of Electrical and Electronics Engineers, which released the report, recommends using restricted subsets of language, such as C or Ada, that have been crafted to avoid ambiguities.
IEEE also recommends using automated tools such as thread safety analysis and memory safety error mitigation to secure software systems.
For each code element, companies need to consider four subtexts: a description of the element, the vulnerabilities addressed, developer resources that are required and evaluator resources required.
To prevent tampering after software is installed, IEEE suggests using digital signatures and building in a “whitelist” so the program will run only approved applications.
The report also recommends:
Device cybersecurity made headlines recently when Hospira recalled two of its infusion pumps over concerns the software could be hacked (). The devicemaker stressed that no breaches in a care setting had been reported.