Security News > 2020 > October > FDA Approves Use of New Tool for Medical Device Vulnerability Scoring

FDA Approves Use of New Tool for Medical Device Vulnerability Scoring
2020-10-22 15:11

The Common Vulnerability Scoring System was originally designed to convey the severity of vulnerabilities found in IT systems, and it may not be as relevant in some areas, such as industrial control systems or medical devices.

MITRE developed the new rubric last year and the FDA announced this week that it has qualified as a Medical Device Development Tool.

The FDA believes that using MITRE's rubric for applying CVSS to medical devices, together with CVSS v3.0, "Allows a common framework for risk evaluation and communication between all parties involved in a security vulnerability disclosure, particularly when discussing its severity and urgency."

The FDA's approval of the tool means "That vendors can communicate measurements from the rubric about their devices with the FDA for pre-market security and risk assessments," Elad Luz, head of research at New York-based healthcare cybersecurity firm CyberMDX, told SecurityWeek.

The expert says the new guidelines are clear and easy to use, with real-world examples taken from medical devices used worldwide.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/KdatuZO6oeY/fda-approves-use-new-tool-medical-device-vulnerability-scoring