{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T02:12:59Z","timestamp":1773195179510,"version":"3.50.1"},"reference-count":69,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,8]]},"DOI":"10.1109\/acsacw69556.2025.00023","type":"proceedings-article","created":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T19:56:13Z","timestamp":1773086173000},"page":"185-198","source":"Crossref","is-referenced-by-count":0,"title":["A Moonshot for Trustworthy Medical Software Updates Using Automated Insulin Delivery Systems as a Proving Ground"],"prefix":"10.1109","author":[{"given":"Josiah","family":"Dykstra","sequence":"first","affiliation":[{"name":"Designer Security, LLC,Ellicott City,MD"}]},{"given":"Shannon","family":"Lantzy","sequence":"additional","affiliation":[{"name":"Shannon Lantzy, LLC,Silver Spring,MD"}]},{"given":"Eugene Y.","family":"Vasserman","sequence":"additional","affiliation":[{"name":"Kansas State University,Manhattan,KS"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Cyber Hard Problems: Focused Steps Toward a Resilient Digital Future","year":"2025"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1001\/jama.2024.2103"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.2337\/db20181"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.jmacro.2020.103262"},{"issue":"1","key":"ref5","article-title":"The need for accelerated Medicare coverage of innovative technologies: Impact on patient access and the innovation ecosystem","volume":"7","author":"Ruggles","year":"2022","journal-title":"Health Management, Policy and Innovation (HMPI)"},{"key":"ref6","article-title":"Digital health technology trends: A survey of digital healthcare decision-makers","year":"2021"},{"key":"ref7","article-title":"Automated insulin delivery systems: Which one is right for you?","year":"2025"},{"key":"ref8","article-title":"The national need for software understanding: The present crisis, technical capability gaps, and path forward","volume-title":"Sandia National Laboratories, Tech. Rep. SAND2025-03576R","author":"Ghormley","year":"2025"},{"key":"ref9","article-title":"Closing the software understanding gap","volume-title":"Cybersecurity and Infrastructure Security Agency, Defense Advanced Research Projects Agency, Office of the Under Secretary of Defense for Research and Engineering, National Security Agency, Tech. Rep.","year":"2025"},{"key":"ref10","article-title":"Cybersecurity in medical devices: Quality system considerations and content of premarket submissions","year":"2025"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.4324\/9781315256894-38"},{"key":"ref12","article-title":"Postmarket management of cybersecurity in medical devices","year":"2016"},{"key":"ref13","article-title":"Breaking (and fixing) a widely used continuous glucose monitoring system","volume-title":"11th USENIX Workshop on Offensive Technologies (WOOT \u201917)","author":"Reverberi"},{"key":"ref14","article-title":"Hacking medical devices for fun and insulin: Breaking the human SCADA system","author":"Radcliffe","year":"2011"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1177\/1932296815583334"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW60967.2024.00039"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2025.104733"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3689942.3694740"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3689942.3694740"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1177\/1932296818808307"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110882"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-014-9308-x"},{"key":"ref23","article-title":"Cybersecurity of firmware updates","volume-title":"National Highway Traffic Safety Association, Tech. Rep. DOT HS 812 807","author":"Bielawski","year":"2020"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1177\/1359105317718615"},{"key":"ref25","article-title":"GlucOS: Security, correctness, and simplicity for automated insulin delivery","author":"Venugopalan","year":"2024"},{"key":"ref26","article-title":"St. Jude stock tumbles as report questions company\u2019s cybersecurity","volume-title":"The Minnesota Star Tribune","author":"Carlson","year":"2016"},{"key":"ref27","first-page":"4909","article-title":"There are rabbit holes I want to go down that I\u2019m not allowed to go down\u201d: An investigation of security expert threat modeling practices for medical devices","volume-title":"USENIX Security Symposium","author":"Thompson"},{"key":"ref28","article-title":"Evaluation of automatic class III designation for Control-IQ technology: Decision memorandum","year":"2019"},{"key":"ref29","article-title":"FDA warns patients and health care providers about potential cybersecurity concerns with certain Medtronic insulin pumps","year":"2019"},{"key":"ref30","article-title":"Tandem Diabetes Care announces FDA approval and launch of t:slim X2 insulin pump with Dexcom G5 mobile CGM integration","year":"2017"},{"key":"ref31","article-title":"AAMI TIR57:2016\/(R)2023; Principles for medical device security\u2014Risk management","year":"2023","journal-title":"Association for the Advancement of Medical Instrumentation (AAMI), Tech. Rep."},{"key":"ref32","article-title":"AAMI TIR97:2019\/(R)2023; Principles for medical device security\u2014Postmarket risk management for device manufacturers","year":"2023","journal-title":"Association for the Advancement of Medical Instrumentation (AAMI), Tech. Rep."},{"key":"ref33","article-title":"Tidepool Loop","year":"2025"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC.2003.1200664"},{"key":"ref35","first-page":"911","article-title":"SweynTooth: Unleashing mayhem over Bluetooth Low Energy","volume-title":"USENIX Annual Technical Conference (USENIX ATC)","author":"Garbelini"},{"key":"ref36","article-title":"OpenAPS","author":"Lewis","year":"2025"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1089\/dia.2020.0535"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/s11517-023-02912-0"},{"key":"ref39","article-title":"Omnipod app on Android failure today","year":"2025"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.2307\/1879431"},{"key":"ref41","article-title":"Ensuring cybersecurity of devices","year":"2022"},{"key":"ref42","article-title":"HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information: Fact Sheet","year":"2024"},{"key":"ref43","article-title":"My diabetes data is a matter of life and death","volume-title":"Z\u00f3calo Public Square","author":"O\u2019Donnell","year":"2025"},{"key":"ref44","article-title":"HIPAA is obsolete","author":"Edmiston","year":"2024","journal-title":"New England Journal of Medicine"},{"key":"ref45","article-title":"2025 medical device cybersecurity index","year":"2025"},{"key":"ref46","article-title":"FDA warns of cybersecurity risk with certain Medtronic insulin pumps","volume-title":"Reuters","year":"2022"},{"key":"ref47","first-page":"169","article-title":"Why Johnny can\u2019t encrypt: A usability evaluation of PGP 5.0","volume-title":"USENIX Security Symposium","volume":"348","author":"Whitten"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.3389\/fcdhc.2022.876511"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3213764"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1177\/19322968231214271"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.2337\/cd24-0042"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1016\/s0065-2458(08)60483-0"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/RBME.2023.3331297"},{"key":"ref54","article-title":"Opportunities and challenges in explainable artificial intelligence (XAI): A survey","author":"Das","year":"2020"},{"key":"ref55","article-title":"Artificial intelligence-enabled medical devices","year":"2025"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1177\/19322968251327602"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3339270"},{"key":"ref58","article-title":"Medical device and health IT joint security plan version 2","volume-title":"Health Sector Coordinating Council, Tech. Rep.","year":"2024"},{"key":"ref59","article-title":"Deep technologies & moonshots: Should we dare to dream?","author":"Thierer","year":"2018"},{"key":"ref60","article-title":"The Heilmeier Catechism"},{"key":"ref61","article-title":"The hidden questions behind the Heilmeier questions","year":"2023"},{"key":"ref62","article-title":"Medical Device Development Tools (MDDT)","year":"2024"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1002\/9781119644682"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.2196\/12568"},{"key":"ref65","article-title":"DARPA AI Cyber Challenge (AIxCC)","year":"2025"},{"key":"ref66","article-title":"Nudge BG, Inc. \u2013 Helmsley Charitable Trust"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1115\/1.4046739"},{"key":"ref68","article-title":"Cyber Grand Challenge (CGC)"},{"key":"ref69","article-title":"Patching up: Stakeholder experiences of security updates for connected medical devices","volume-title":"USENIX Security Symposium","author":"Kustosch"}],"event":{"name":"2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)","location":"Honolulu, HI, USA","start":{"date-parts":[[2025,12,8]]},"end":{"date-parts":[[2025,12,9]]}},"container-title":["2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11417955\/11417996\/11418005.pdf?arnumber=11418005","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T05:31:31Z","timestamp":1773120691000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11418005\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":69,"URL":"https:\/\/doi.org\/10.1109\/acsacw69556.2025.00023","relation":{},"subject":[],"published":{"date-parts":[[2025,12,8]]}}}