FDA's New Cybersecurity Lab Looks to Fuzz Testing

In the wake of its recent safety communication on medical device cybersecurity, the FDA has indirectly announced that it plans to develop a cybersecurity laboratory. The new lab will use a procedure called fuzzing or fuzz testing to assess the vulnerability of medical device software to exploits by attackers. The announcement came in a solicitation published July 21 on the Federal Business Opportunities website.

According to the announcement, fuzzing is the “best way” to discover software vulnerabilities. The method “feeds a program, device or system with malformed and unexpected input data in order to find defects. Malformed, anomalous input such as overflow, underflow or repetition trigger a vulnerability in software, causing for example crashes, denial of service (DoS), security exposures or performance degradation.” Identifying such failures will allow software to be hardened against exploits before commercial release.

The lab will use Codenomicon’s Defensics software to conduct the fuzz testing.

The FDA’s notice did not explain how the agency will ultimately use the cybersecurity lab, nor did it specify how the lab might affect the medical device clearance process.

FDA’s New Cybersecurity Lab Looks to Fuzz Testing

Recent Posts

FDA’s New Cybersecurity Lab Looks to Fuzz Testing

Related Posts

Des Moines Hospital Claims Cyberattack Was to Blame for Boy, 3, Being Given ‘Megadose’ of Opioids

FBI: Critical Infrastructure Hit 860 Times by Ransomware in 2022

Health Systems Want Government Help Fighting Off the Hackers

University of Minnesota Launches Center for Medical Device Cybersecurity

Recent Posts