The Device Lab welcomes participants acting in good faith, in the best interest of patients, when researching, disclosing, and addressing security issues.
The Device Lab is highly-collaborative environment where security researchers test medical instruments, applications, and devices in real-time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.
As part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies and teaming up with the Biohacking Village. These manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.
Biohacking Village and its partner organizations present the following details for this year's Device Lab:
Abbott
Vulnerability Disclosure Policy
ICUMedical
Vulnerability Disclosure Policy
ThermoFisher
Vulnerability Disclosure Policy
Dräger
Vulnerability Disclosure Policy
Johnson and Johnson
Vulnerability Disclosure Policy
ResMed
Medical Device
Makers
As part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.
These manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed.
COORDINATED VULNERABILITY
DISCLOSURE
We have volunteers from CERT/CC, US DHS, MITRE, and the US FDA on hand to facilitate disclosures, and provide other resources. Security researchers who take the Device Lab pledge to act in the best interest of patients, and to disclose potential vulnerabilities to the manufacturer in good faith are welcome to participate in our Open Security Testing.