The FDA will soon require SBOMs for medical devices. Are you ready? with Larry Pesce, Product Security Research and Analysis Director, Finite State
IoT: The Internet of Threats - En podcast af Finite State
On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) explore the FDA's new Refuse to Accept (RTA) decision process and what it means for successful premarket submissions of medical devices. Together, Larry and Eric examine how prepared the industry is for the coming changes and assess how medical device manufacturers may weigh the new risk-benefit calculus. Eric and Larry also look at how past cyberattacks lead companies to forge enduring changes in cybersecurity culture and controls and discuss whether these regulatory changes will bring about significant improvements in securing connected medical devices. Interview with Larry Pesce Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing guidance and services to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University. In this episode, Eric and Larry discuss the: FDA's new Refuse-To-Accept (RTA) decision authority and what it means for SBOMs and the premarket submissions of medical devices Whether the medical device sector is adequately prepared for these changes How the new regulations may alter the liability vs. risk tolerance question for medical device manufacturers The extent to which the FDA will rigorously enforce the new premarket submission requirements The potential qualitative difference this new regulation may bring to the the overall security of medical devices How cyberattacks often lead companies to make meaningful, lasting changes in their cybersecurity practices Find Larry on LinkedIn: Larry Pesce: https://linkedin.com/in/larrypesce Learn more about Finite State: https://finitestate.io/ Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems. If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast. To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/