|
|
|
|
|
|
by 5440
1357 days ago
|
|
|
The new draft literally doesn't change anything. It just defines some of the things that FDA has been already asking for in the past 7 years for every device submission. Just my opinion as someone who has worked on many infusion pumps; that FDA review division is the best at FDA. They probably ask more cybersecurity questions than any other group I've encountered. I review a minimum of 5x - 510ks a week. |
|
|
And therein lies the problem. Ask lots of questions on paper, and you get something that is very secure on paper.
But if you want something actually secure, you need to do pentests, have a substantial bounty program, have the design+code inspected by security reviewers, etc.