An expensive, months-long legal tussle between a UK engineer and a healthcare non-profit is spurring calls for reform to the country’s 30 year-old Computer Misuse Act, which Dyke and others contend criminalizes the work of ‘Good Samaritan’ security researchers acting in the public interest.
The U.S. Department of Homeland Security warned of critical vulnerabilities in a range of products by GE. We speak with Elad Luz, the head of research at CyberMDX, which discovered the holes.
In this, our 70th episode of The Security Ledger podcast, we speak withXu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what’s next for his company.
In-brief: A global federation of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms. (Updated with comments from Dr. Nordenberg. PFR 7/25/2017)
In-brief: the U.S. healthcare sector is in critical condition and needs urgent, coordinated action to protect patient safety and address vulnerabilities in millions of deployed medical devices, a Congressional Task Force has concluded. (Updated with comments from Joshua Corman of Atlantic Council. PFR June 7, 2017)