Skip to content

Automate software testing for medical devices

Code Intelligence's AI-driven fuzz testing platform helps developers keep critical bugs out of their code and ensure compliance with FDA’s and MDR’s testing requirements. Reach up to 100% code coverage with zero false positives.
industry-medical-devices-placeholder-cropped-small
TRUSTED BY
google-2015-3Deutsche_Telekom_2022 1-3bosch-logo-simple 1-2Secunet_Security_Networks_Logo-2Continental_AG_logo 1-2Cariad_Logo-2ETAS-Logo-2

The role of fuzz testing in medical device cybersecurity

Fuzz testing is highly recommended by several American and European standards and guidance for medical devices cybersecurity. Non-compliance with these documents may lead to the denial of market approval.
 
The most important guidance documents advocating for fuzz testing:
 
  • Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions by the U.S. Food and Drug Administration (FDA)
  • AAMI TIR 57:2016 Principles For Medical Device Security - Risk Management
  • Guidance on cybersecurity for medical devices (MDCG 2019-16) by the European Commission and the Medical Device Coordination Group
  • IEC 81001-5-1 Health software and health IT systems safety, effectiveness and security. Part 5-1: Security — Activities in the product life cycle.

FDA’s requirements for medical device security

Download the free white paper to discover: 

  • Key documents on USA cybersecurity requirements for medical devices
  • Fuzzing’s role in the FDA’s guidance on cybersecurity and AAMI TIR 57:2016
  • When manufacturers need to comply with the FDA’s security requirements
  • Why fuzzing is highly recommended for testing medical devices.
1200x627_text-1 (2)
1200x627_text-1 (2)

FDA’s requirements for medical device security

Download the free white paper to discover: 

  • Key documents on USA cybersecurity requirements for medical devices
  • Fuzzing’s role in the FDA’s guidance on cybersecurity and AAMI TIR 57:2016
  • When manufacturers need to comply with the FDA’s security requirements
  • Why fuzzing is highly recommended for testing medical devices.

Three reasons to use fuzzing for testing medical devices

Fuzz testing is widely used for testing embedded systems not only for compliance reasons.
CIFuzz-1-1
Detect critical issues
 
These include buffer overflows, memory corruption and other bugs relevant to memory-unsafe languages such as C/C++.
Fuzzing analyzes code dynamically. This ensures zero false positives - a finding is a finding.
CISpark-2
Uncover issues as early as you have executable code
 
Fuzz testing that analyzes source code can be integrated into the development process to test your code automatically as soon as you have an executable program - at the unit, integration, and system testing stages.
CIFuzz-3
Increase code coverage to up to 100%
 
Source code fuzzers leverage feedback about the software under test to reach the highest code coverage. Thus, you know how much of your code actually was executed during a test and what needs additional testing.

Fuzz Testing with Code Intelligence

Automate your software testing for medical devices with an AI-driven fuzzing platform. Ensure compliance with FDA’s and MDR’s testing requirements.
Detect critical bugs & vulnerabilities without false positives

Code Intelligence connects to the source code and, unlike static analysis (SAST), analyzes code when executed.

Every flagged issue represents an actual issue in the running code. Most are highly critical, e.g. buffer overflows, memory corruption, and leaks.

Blog 'From simulation to success' - Visual 'Identifying bugs'
Enable your engineers to reproduce & fix issues in minutes, not in weeks

All uncovered issues are pinpointed to the exact line of code in the repository and accompanied by inputs that triggered an issue and clear actions to remediate those. So you can quickly identify the root cause, start fixing them, and release features faster.

Enable your engineers to reproduce & fix issues in minutes, not in weeks
Let AI automate the generation of test cases and mocks

CI Spark, a built-in AI assistant that leverages large language models (LLMs) and static code analysis, automatically writes thousands of test cases and generates inputs and mocks for all dependencies.

CI Spark is also helpful in identifying top candidates for fuzzing.  

CI Spark C_C++
Achieve up to 100% code coverage

Code Intelligence leverages feedback about the software under test to achieve the highest code coverage. Subsequent executions automatically generate new test cases to detect additional paths, thereby increasing code coverage.

This ensures your development teams know how much of their code was actually executed during a test and which parts need additional testing.

Blog: From simulation to success - Visual: Code coverage
Easily integrate fuzzing in your CI/CD

Integrate Code Intelligence with your CI/CD pipeline to automatically test your software with every pull request. This ensures regressions and release blockers are identified long before reaching production.

Easily integrate fuzzing in your CI_CD
“Fuzz testing is state-of-the-art for testing robustness. Although you can write your own tests, you can never perform as many random and denial-of-service tests as you can with fuzzing. You must perform fuzz testing to prove to the FDA that your device is reliable and that the most common bugs are caught.”
Verana Wieser
Verena WieserMedical Device Consultant, Lorit Consultancy
"Testing our embedded software with white-box fuzzing by Code Intelligence helped us achieve better, more secure code. We wouldn't achieve this with black-box fuzzers."
Senior Embedded Engineera MedTech company
“One of the biggest advantages of instrumented fuzz testing is that you can execute your code in a Software-in-the-Loop simulator. My favourite part of instrumented fuzzing is that finding the root cause is so easy, and for a manager, it means I can save budget.”
Michael von Wenckstern 2024
Michael Von WencksternProduct Cybersecurity Governance, Risk and Compliance Specialist, Continental AG
"Thanks to Code Intelligence fuzzing approaches, our security testing became significantly more effective. All our developers are now able to fix business critical bugs early in the development process, without false-positives."

 

Andreas Weichslgartner
Andreas WeichslgartnerSenior Technical Security Engineer, CARIAD
”Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It's like having an automated security expert always by your side.”
thomas-dohmke
Thomas DohmkeCEO, GitHub

Why choose Code Intelligence?

Medical device, automotive, telecom, machinery, and IoT manufacturers leverage Code Intelligence to test their products, effectively reducing the risk of delayed releases, costly fixes, malfunctions in critical systems, and cyber attacks.

Book your free demo with one of our senior engineers now and take the first step towards robust, secure software development with Code Intelligence.

  • Automate software testing for embedded systems.
  • Detect critical bugs & vulnerabilities early in the development.
  • Uncover only actual issues without false positives.
  • Enable developers to reproduce & fix issues in minutes, not weeks.
  • Ensure compliance with industry standards.

Frequently asked questions

What is fuzz testing again?

Fuzzing is a dynamic application security testing method used for finding functional bugs and security issues in software. During a fuzz test, a program gets executed with invalid, unexpected, or random inputs, with the aim to crash the application. Fuzzing is proven highly effective for testing embedded systems like medical devices. Learn more about fuzzing in this blog post.

Does fuzzing integrate into CI/CD pipeline?

Yes, the integration allows automatically test your software with every pull request. This ensures regressions and release blockers are identified long before reaching production.

We regularly do penetration testing. How does fuzzing contribute to pentests?

Do fuzz testing first to identify all possible issues automatically, view the percentage of code covered, and identify parts of the software requiring targeted pentest. Thus, you can optimize the efforts of penetration testers by focusing on areas untouched by fuzzing.


Useful resources

Vector

Fuzzing in FDA’s requirements for medical device security

Learn about the United States Food and Drug Administration’s cybersecurity requirements for medical devices and how fuzz testing plays a role in compliance.  

Vector

Best practices for embedded security testing

Navigate the complexities of embedded software security with our expert guide. Learn best practices, explore dynamic and static analysis tools, and discover how CI/CD-integrated fuzz testing enhances safety and security.

Vector

Securing medical devices: role of fuzz testing in cybersecurity

Discover how fuzz testing addresses the 59% rise in medical device vulnerabilities in 2023. Learn why the FDA and European Commission recommend this method to enhance patient safety and device security.