Then this is where the pressure needs to be applied - at the certification proce... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dsuth on June 5, 2014 \| parent \| context \| favorite \| on: Can I drop a pacemaker 0day? Then this is where the pressure needs to be applied - at the certification process. It needs to be made a legal requirement to attain certification (if not already), and the certifiers need to follow best practices for vulnerability detection. And it needs to be an ongoing, open process.

niels_olson on June 5, 2014 [–]

Yes, the FDA certification should include something along the lines of "Manufacturer has an ongoing process to evaluate new vulnerabilities and push updates to affected individuals."

seehafer on June 5, 2014 | [–]

It does, at least for new approvals post ~2012. Doesn't help existing devices in the field though.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact