npj Digital Medicine (Feb 2021)

Building resilient medical technology supply chains with a software bill of materials

  • Seth Carmody,
  • Andrea Coravos,
  • Ginny Fahs,
  • Audra Hatch,
  • Janine Medina,
  • Beau Woods,
  • Joshua Corman

DOI
https://doi.org/10.1038/s41746-021-00403-w
Journal volume & issue
Vol. 4, no. 1
pp. 1 – 6

Abstract

Read online

Abstract An exploited vulnerability in a single software component of healthcare technology can affect patient care. The risk of including third-party software components in healthcare technologies can be managed, in part, by leveraging a software bill of materials (SBOM). Analogous to an ingredients list on food packaging, an SBOM is a list of all included software components. SBOMs provide a transparency mechanism for securing software product supply chains by enabling faster identification and remediation of vulnerabilities, towards the goal of reducing the feasibility of attacks. SBOMs have the potential to benefit all supply chain stakeholders of medical technologies without significantly increasing software production costs. Increasing transparency unlocks and enables trustworthy, resilient, and safer healthcare technologies for all.