Building Resilient Medical Technology Supply Chains With a Software Bill of Materials

Multiple open-source and commercial tools can help builders compile, build, and maintain SBOMs. Many development environments can optionally produce SBOMs at the time the software is compiled. Some code-repository tools monitor component dependencies, provide alerts for security issues in dependencies, or even automatically replace vulnerable dependencies with less vulnerable alternatives. Additionally, some standalone tools offer similar features to those mentioned above. Another tool that buyer/operators can leverage for communicating SBOM information is the Manufacturer Disclosure Statement for Medical Device Security, which was updated in October 2019 to include a new SBOM section that “supports controls in the Roadmap for Third Party Components in the Device Life Cycle (RDMP) section.