Creating a Building Code for Medical Device Software Security
National Science Foundation
Institute of Electrical and Electronics Engineers
Software systems on whose security we rely might be more trustworthy if the software analog of a building code were developed and applied to them. This project is a workshop that aims to develop both (1) an initial draft for a building code for a specific domain of software-controlled systems, medical devices, which compose a domain of cyberspace in which security and trustworthiness are particularly critical, and (2) a related agenda for research into assuring desired security properties of such systems.
The purpose of this workshop is to advance the adoption of proven techniques for assuring that software controlling medical devices is free of common sorts of vulnerabilities and to develop a research agenda that will provide the basis for continuing improvement of the security of future medical device software.
The workshop, if successful, could potentially lead to significantly less vulnerable medical device software systems and could also motivate appropriate research in the area. If the workshop succeeds in identifying a useful structure for a building code for this domain of software, the basis will also be laid for extending the approach to other possible software domains where security is a critical consideration.
Dr. Carl Landwehr