6 | Partner Ecosystem Journal / Volume 1, Issue 1
Software Considerations and Security
Requirements for Medical Devices
By Daniela Previtali, Global Marketing Director, Wibu-Systems
Software has become ubiquitous in the healthcare industry, widely used to control medical
devices and health information systems as well as to communicate and maintain electronic
patient data, all in an increasingly connected environment. For embedded system devel-
opers, in particular, choosing the software best suited for the design of the medical device
and its end use is critical. Options abound—use a commercial off-the-shelf product or cre-
ate your own? Employ a real-time operating system or a general-purpose operating system
such as Linux or Android? And what security mechanisms will be incorporated to protect
software from malicious tampering and ensure data transmission and storage?
While the needs and requirements for each device will vary—as will its features, functions,
and capabilities—it is critical to evaluate the full range of options before making the
selection. Among the many key considerations are shelf life, an easy-to-understand user
interface, secure and stable communications, multi-CPU system design, connectivity, mod-
ularity, and scalability.
Additionally, the choice between commercial and open source development requires care-
ful consideration. While each option has advantages and trade-offs, the choice typically
comes down to the completeness and sophistication of commercial offerings versus the
low cost and ubiquity of open source software. From a safety standpoint, medical device
system software needs to support security features that protect against malware and also
deliver secure data storage and transmission. The system software also needs to support
secure upgrades, downloads, and authentication of applications to help keep devices
secure across an ever-changing threat landscape.
As open source software continues to grow in popularity within the development commu-
nity, commercial vendors too are focusing on software solutions that specifically address
the unique challenges of medical devices. Wind River and Wibu-Systems, for example,
offer integrated solutions that leverage each other's technology expertise. With the inte-
gration of Wibu-Systems' CodeMeter security platform with VxWorks, the world's most
widely deployed RTOS, developers of connected medical systems have access to a fully
scalable solution that features best-of-breed security for device, data, and IP protection,
as well as additional licensing management options to expand business opportunities for
applications developed on the VxWorks platform.