Last reviewed: May 1, 2026
Listen now
Which cybersecurity tests are the most crucial, and which ones does the FDA require for medical device approval?
In this episode, Christian and Trevor break down the many types of cybersecurity testing required for medical devices. They explore the distinctions between vulnerability assessments, penetration testing, and other critical methods like fuzz testing, security requirement testing, and dynamic analysis. Along the way, they share real-world examples, FDA compliance insights, and practical tips for ensuring no entry point goes untested.
Key points:
(3:21) Vulnerability vs. Penetration Testing
- Vulnerability testing identifies issues quickly, while penetration testing digs deeper to exploit them.
(6:01) Software Composition and Static Analysis
-
Using SBoMs to identify risks in third-party and unknown code.
-
Dangers of insecure, copied code such as hardcoded credentials.
(10:23) Penetration Testing Types and Abuse Cases
-
Differences between black, gray, and white box testing.
-
Abuse case testing for overlooked or “out of scope” device interfaces.
(20:44) Fuzz Testing and Security Requirements
-
Fuzz testing for unexpected input handling and potential zero-day vulnerabilities.
-
Security requirement testing, dynamic analysis, and advice on choosing skilled third-party testers.
Bring this work to your device
Need help with sbom management?
Blue Goat Cyber delivers sbom & supply chain services for medical device manufacturers - from threat modeling to FDA-ready reports.
SBOM & Supply Chain ServicesMore on SBOM Management
Keep listening
-
Episode 66
Vibe Coding Security Risks and Malicious Code Injection with Jake Rodriguez of Triangle Tech
With Jake Rodriguez
-
Episode 53
Untangling Software Composition Analysis for MedTech Teams
With MedTech leader
-
Episode 37
Overcoming AI and Data Security Challenges in MedTech with May Lee
With May Lee
-
Episode 69
Science Before Hype in MedTech Investing with Varun Turlapati of Chaanakya Capital
With Varun Turlapati