The FDA will soon require SBOMs for medical devices. Are you ready? with Larry Pesce, Product Security Research and Analysis Director, Finite State

On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) explore the FDA's new Refuse to Accept (RTA) decision process and what it means for successful premarket submissions of medical devices. Together, Larry and Eric examine how prepared the industry is for the coming changes and assess how medical device manufacturers may weigh the new risk-benefit calculus. Eric and Larry also look at how past cyberattacks lead companies to forge enduring changes in cybersecurity culture and controls and discuss whether these regulatory changes will bring about significant improvements in securing connected medical devices. 

Interview with Larry Pesce  

Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing guidance and services to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University. 

In this episode, Eric and Larry discuss:

  • The FDA's new Refuse-To-Accept (RTA) decision authority and what it means for SBOMs and the premarket submissions of medical devices

  • Whether the medical device sector is adequately prepared for these changes

  • How the new regulations may alter the liability vs. risk tolerance question for medical device manufacturers

  • The extent to which the FDA will rigorously enforce the new premarket submission requirements

  • The potential qualitative difference this new regulation may bring to the overall security of medical devices

  • How cyberattacks often lead companies to make meaningful, lasting changes in their cybersecurity practices

Find Larry on LinkedIn:

Larry Pesce: https://linkedin.com/in/larrypesce

Learn more about Finite State: https://finitestate.io/


Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.

 

If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.

 

To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/
