MedISAO introduces Coordinated Vulnerability Disclosure process for members
Does your organization have a Coordinated Vulnerability Disclosure Process as advised by the FDA's Postmarket Cybersecurity Guidance?
MedISAO can take care of that for you! We recently launched a Coordinated Vulnerability Disclosure (CVD) program that can get you started, or augment your already established process.
What does it mean to be a part of this program?
MedISAO will act as a Coordinator for your organization as defined in ISO/IEC 29147. It will host a form here where security researchers can submit vulnerability reports, and will forward those reports to your organization. On your organization's website and in documentation, you should direct users to this form as one of the accepted ways of submitting vulnerability information. Once the vulnerability has been verified and resolved or rejected by your organization, MedISAO will inform the reporter of actions taken, and disseminate advisories about the fix through its standard advisory process.
How can I sign up?
Email members@medisao.com with your MedISAO username to start the process.
Are there any costs associated with this program?
The Coordinated Vulnerability Disclosure program is free for all organizational members.
Does this mean I don't need to set up a Vulnerability Handling Program at my organization?
You still need to set up an internal vulnerability handling program at your organization that will handle vulnerability verification and response. For reference see ISO/IEC 30111:2013 or MedISAO's guide for how to set up a policy at your organization. If you need more help you can email us at members@medisao.com any time.
My organization already has an established Coordinated Vulnerability Disclosure Process. Should I still join MedISAO's program?
Yes! In addition to your already established process, MedISAO can serve as an additional avenue for receiving vulnerability information.