Benefiting from Software Transparency: From SBOM to Vulnerability Management

Software bills of material (SBOM) capture software used in products. SBOMs are prerequisites to proactive product security, as well as vulnerability and risk management programs. However, extracting the full potential value of SBOMs at scale will take sustained effort, requiring tooling to overcome inherent complexities.

Understanding the constraints of healthcare cybersecurity

The sobering reality is that all the promise held in technology advancing healthcare is foundationally reliant on security. Unfortunately, not only does the healthcare supply chain inherit what makes information security hard, healthcare additionally inherits economic constraints that allow security debt to pass to consumers. Watch the webinar where Seth explores the six constraints.

A patient safety approach for assessing medical device vulnerabilities

With medical devices being increasingly network-connected, we leveraged our collective expertise in medical device security and clinical risk management, to provide a holistic analysis of vulnerabilities in the medical device space through the assessment of clinical case studies using quantitative analytics, and a discussion of incident prevention recommendations.

What medical device vendors can learn from Past cybersecurity vulnerability disclosures

The 2021 update of our analysis of ICS-CERT cybersecurity disclosures reveals device vendors reported a 6.4-fold increase in vulnerabilities per month since the FDA released their Cybersecurity Guidance.

A medical device cybersecurity toolbox

There is no silver bullet. Complying with FDA cybersecurity regulations requires a variety of processes and technologies. A hypothetical device vendor’s approach to securing their product is analyzed, and leading tools are identified.

A tool in medical device cybersecurity - MedCrypt

In this paper we highlight the specific cybersecurity requirements that can be satisfied using various features of MedCrypt.

Understanding international medical device cybersecurity guidance

Medical device cybersecurity requirements from global regulators will continue to evolve as the industry and ecosystem matures. The industry must be cautious against over reliance on “security frameworks” and must rapidly iterate to keep up with emerging technology best practices.


International regulators as well as customers are expecting Medical Device Manufacturers to deliver proactively secured devices. A deep dive into the unique considerations when threat modeling for medical devices.

The missing link between cybersecurity vulnerabilities and patches

An analysis of ICS-CERT cybersecurity disclosures reveals no correlation between a vulnerability’s CVSS score and the likelihood a patch will be made available by the manufacturer.

Impact of monitoring on medical device vulnerabilities

The root causes associated with medical device cybersecurity disclosures to date, reveals 81.8% of the related root causes would be impacted by the implementation of monitoring practices.