How Deepbits Fulfills the Latest FDA Cybersecurity Guidelines for Medical Devices


Software reliability and cybersecurity in medical devices are becoming increasingly important as the number of connected devices in healthcare and the complexity of their software continue to grow. To address this issue, the Food and Drug Administration (FDA) has published guidance titled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.”

What can be done?

The FDA guidance requires medical device manufacturers and medical software developers to maintain a Software Bill of Materials (SBOM), in a standard format, listing the software components used in their products. By creating and maintaining a comprehensive list of all the software components in their products, manufacturers help the FDA assess the security of the device and identify potential vulnerabilities. The list of software components covers every programming element used in the device, both open-source and proprietary, including third-party libraries. The FDA guidance applies to all medical devices that contain software, firmware, or programmable logic, including network-enabled devices and software as a medical device (SaMD).

Manufacturers of all types of medical devices can therefore help to ensure that their products are secure and reliable. By following the recommendations outlined in the FDA guidance, medical device manufacturers can show that they comply with industry best practices. Moreover, maintaining an SBOM for every version of their software, firmware, or programmable logic, and checking it regularly against known software vulnerabilities, increases transparency and improves the security of medical devices.
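To make the "checked regularly against known vulnerabilities" step concrete, the following is an added example (not Deepbits' code or the FDA's): it loads a minimal CycloneDX-style SBOM and matches each component's version against an advisory feed, reporting affected components and any SBOM entry that carries no version at all, since such an entry cannot be checked. The SBOM, the package names, and the advisory IDs are all constructed placeholders, and the version comparison is a deliberately simple scheme rather than full semver.

```python
"""Check a CycloneDX-style SBOM against a vulnerability advisory feed.

Added example, not Deepbits' code. Every component name and advisory ID
below is a constructed placeholder, not a real identifier.
"""
import json
import re

# Constructed CycloneDX 1.4-style SBOM with only the fields the check needs.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "libtls-example", "version": "2.3.1",
         "purl": "pkg:generic/libtls-example@2.3.1"},
        {"type": "library", "name": "jsonparse-example", "version": "1.0.7",
         "purl": "pkg:generic/jsonparse-example@1.0.7"},
        {"type": "firmware", "name": "rtos-example", "version": "5.2.0"},
        {"type": "library", "name": "legacy-blob-example"},  # no version recorded
    ],
})

# Constructed advisory feed: each entry names an affected package and a
# half-open affected range [introduced, fixed). IDs are placeholders.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "package": "libtls-example",
     "introduced": "2.0.0", "fixed": "2.3.2", "severity": "high"},
    {"id": "EXAMPLE-ADV-0002", "package": "jsonparse-example",
     "introduced": "1.1.0", "fixed": "1.2.0", "severity": "medium"},
    {"id": "EXAMPLE-ADV-0003", "package": "rtos-example",
     "introduced": "0", "fixed": "5.1.0", "severity": "critical"},
]


def parse_version(text):
    """Convert a dotted version string into a comparable tuple of ints.

    The leading digits of each dot-separated part are used ("3-rc1" -> 3),
    and trailing zeros are dropped so that "1.0" and "1.0.0" compare equal.
    This is a simplified scheme for the example, not a full semver parser.
    """
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version, introduced, fixed=None):
    """True if version lies in the half-open range [introduced, fixed)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def check_sbom(sbom_json, advisories):
    """Match every SBOM component against the advisory feed.

    Returns {"findings": [...], "unversioned": [...]}. A component without a
    version cannot be matched and is reported separately, because an SBOM
    entry with no version is itself a gap that needs closing.
    """
    sbom = json.loads(sbom_json)
    findings, unversioned = [], []
    for comp in sbom.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if not version:
            unversioned.append(name)
            continue
        for adv in advisories:
            if adv["package"] == name and is_affected(
                    version, adv["introduced"], adv.get("fixed")):
                findings.append({"component": name, "version": version,
                                 "advisory": adv["id"],
                                 "severity": adv["severity"]})
    return {"findings": findings, "unversioned": unversioned}


if __name__ == "__main__":
    result = check_sbom(SAMPLE_SBOM_JSON, SAMPLE_ADVISORIES)
    for f in result["findings"]:
        print(f"{f['severity'].upper():8} {f['component']} {f['version']} "
              f"-> {f['advisory']}")
    for name in result["unversioned"]:
        print(f"UNVERSIONED {name}: no version in SBOM, cannot be checked")
```

Run against the constructed data, only libtls-example 2.3.1 falls inside an affected range; rtos-example 5.2.0 is past its fix version and jsonparse-example 1.0.7 predates the affected range. The unversioned entry is the kind of gap a regular check should surface, since the FDA expects each listed component to be identifiable by version.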

How can Deepbits help?

Deepbits is a pioneer in the fully automated generation of Software Bills of Materials (SBOMs) across multiple code bases, supporting a wide range of programming languages. Our AI-powered code intelligence platform can be applied at any stage of the Software Development Life Cycle (SDLC) and is able to identify third-party components and dependencies directly from binary code (i.e. the compiled executable). When the source code is available, we can validate the production binary against it. Our product also scans large code bases with very high accuracy and at very high speed, while maintaining an up-to-date database of new third-party components and new library versions as they are released.

Medical device manufacturers can use Deepbits to:

  • Become FDA-compliant by generating and maintaining comprehensive, multi-version Software Bills of Materials (SBOMs) for medical devices, whether or not the source code is available.
  • Assess software risk and validate vendor-produced SBOMs when integrating third-party software.
  • Continuously and automatically monitor the SBOM database for new vulnerabilities and software risks.

Are you looking for an SBOM strategy that meets the requirements set out in the FDA's draft guidance? Look no further than the Deepbits Platform, a solution that allows you to gain transparency and become FDA-compliant with just a few clicks.

Please email us at to find out more and schedule a free demo where you can get a sample of your product SBOM. All results are confidential and we are committed to working with you to identify and resolve any and all risks.