Modern medical devices are more complex than they used to be. With increased connectivity to the internet and the cloud, and the exponential increase of medical devices for home use, which must withstand insecure home networks, the security challenge for medical software development is also more complex.
As the security challenge increases, so does the impact on safety, risk, development cost, and liability. Use of third-party software, including operating systems, libraries, and legacy code is also a risky reality for all products.
This paper discusses how to manage the evolving software supply chain risks in patient-critical systems, an increasingly critical part of medical device software development.