Interesting article - reminded me of the sometime-disconnect between software developers and security personnel: different views of risk, security people are not always involved early enough in the product lifecycle, etc.
One reason it is happening in our medical device industry is that risk management is seen as a paper exercise for regulatory compliance. No one believes in it, and unfortunately auditors are not competent to catch even the obvious deficiencies.
Interesting article - reminded me of the sometime-disconnect between software developers and security personnel: different views of risk, security people are not always involved early enough in the product lifecycle, etc.
One reason it is happening in our medical device industry is that risk management is seen as a paper exercise for regulatory compliance. No one believes in it, and unfortunately auditors are not competent to catch even the obvious deficiencies.