medical device

medical device

RVA5ec 2016: Steve Christey - Toward Consistent, Usable Security Risk Assessment of Medical Devices

1d ago
SOURCE  

Description

“CVSS? For *my* medical device?” It’s more likely than you think. With so many different stakeholders in the medical device ecosystem – including manufacturers, hospitals, researchers, third-party coordinators, and patients – it’s no wonder that risk assessment is looking kind of discombobulated right now. When a new medical device vulnerability comes out, rarely is there any agreement about how bad it is. It can be very difficult for health care providers to use existing information to make appropriate, defensible risk decisions If only there were a common vulnerability scoring system to stop the madness! Enter CVSS. But how can this IT-oriented system be used for evaluating medical device vulnerabilities, and should it? Fortunately, FDA’s CDRH has tasked MITRE to work with the medical device community to find out, so I’ll tell you all about it. Presented at http://rvasec.com/