Building resilient medical technology supply chains with a software bill of materials

Seth Carmody; Andrea Coravos; Ginny Fahs; Audra Hatch; Janine Medina; Beau Woods; Joshua Corman

doi:10.1038/s41746-021-00403-w

npj Digital Medicine (Feb 2021)

Building resilient medical technology supply chains with a software bill of materials

Seth Carmody,
Andrea Coravos,
Ginny Fahs,
Audra Hatch,
Janine Medina,
Beau Woods,
Joshua Corman

Affiliations

Seth Carmody: MedCrypt
Andrea Coravos: Elektra Labs, Inc
Ginny Fahs: Aspen Institute Tech Policy Hub
Audra Hatch: I Am The Cavalry
Janine Medina: Biohacking Village
Beau Woods: Biohacking Village
Joshua Corman: Pennsylvania State University Policy Innovation Lab of Tomorrow (PILOT)

DOI: https://doi.org/10.1038/s41746-021-00403-w
Journal volume & issue: Vol. 4, no. 1
pp. 1 – 6

Abstract

Read online

Abstract An exploited vulnerability in a single software component of healthcare technology can affect patient care. The risk of including third-party software components in healthcare technologies can be managed, in part, by leveraging a software bill of materials (SBOM). Analogous to an ingredients list on food packaging, an SBOM is a list of all included software components. SBOMs provide a transparency mechanism for securing software product supply chains by enabling faster identification and remediation of vulnerabilities, towards the goal of reducing the feasibility of attacks. SBOMs have the potential to benefit all supply chain stakeholders of medical technologies without significantly increasing software production costs. Increasing transparency unlocks and enables trustworthy, resilient, and safer healthcare technologies for all.

Published in npj Digital Medicine

ISSN: 2398-6352 (Online)
Publisher: Nature Portfolio
Country of publisher: United Kingdom
LCC subjects: Medicine: Medicine (General): Computer applications to medicine. Medical informatics
Website: https://www.nature.com/npjdigitalmed/

About the journal