FDA Approves Tool for Scoring Medical Device Vulnerabilities
The FDA has approved a new rubric designed by the MITRE Corporation for assigning Common Vulnerability Scoring System (CVSS) scores to medical device vulnerabilities.
The CVSS was designed for assigning scores to vulnerabilities in IT systems according to their severity, and while the system works well for many IT systems, it is less well suited to scoring vulnerabilities in medical devices.
When vulnerabilities are discovered in medical devices, device manufacturers use the CVSS as a consistent and standardized way of communicating the severity of a vulnerability to the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and other agencies. The scores are...