In this, our 70th episode of The Security Ledger podcast, we speak withXu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what’s next for his company.
Software used to remotely program implantable cardiac devices by a number of vendors is rife with exploitable software vulnerabilities that leave the devices vulnerable to attacks and compromise, according to a report by the firm Whitescope Inc.
In-brief: The stock of medical device maker St. Jude plunged by 5% on Thursday after a report called for investors to bet against (or “short”) the company’s stock over serious security vulnerabilities in a range of the company’s implantable cardiac devices.
In-brief: A BBC article profiles an information security expert who finds herself the bearer of an implanted pacemaker, raising issues about the risks and benefits of new, connected health devices.
In-brief: Thousands of clinical systems are exposed to remote attacks according to researchers, who say that poorly designed and loosely configured medical devices are a major source of insecurity.