
Report Outlines ‘Building Code’ for Medical Device Software

May 22, 2015

Developers of medical device software should use secure coding standards that address known memory access vulnerabilities to protect their products from hacking, a new report says.

The right choice of programming language can help prevent memory errors that make it easy for hackers to break into a system. The Institute of Electrical and Electronics Engineers, which released the report, recommends using restricted subsets of languages such as C or Ada that have been crafted to avoid ambiguities.

IEEE also recommends using automated tools such as thread safety analysis and memory safety error mitigation to secure software systems.

For each code element, companies need to consider four subtexts: a description of the element, the vulnerabilities addressed, the developer resources required and the evaluator resources required.

To prevent tampering after software is installed, IEEE suggests using digital signatures and building in a “whitelist” so the program will run only approved applications.

The report also recommends:

  • Using the least operating system privilege to limit access to the code;
  • Employing hardware or software solutions to protect against malicious observation or modification of the code;
  • Providing a tamper-resistant audit trail for security-related events such as software installation; and
  • Including design elements that can help to ensure safe functioning of software during an attack, or restoration in the wake of one.

Device cybersecurity made headlines recently when Hospira recalled two of its infusion pumps over concerns the software could be hacked (IDDM, May 14). The devicemaker stressed that no breaches in a care setting had been reported.

The IEEE report, Building Code for Medical Device Software Security, drew from a November workshop supported by IEEE’s Cybersecurity Initiative. View the report at www.fdanews.com/05-25-15-code.pdf. — Elizabeth Orr
