
“Achieving software supply chain transparency can increase trust and trustworthiness while
lowering costs of our digital infrastructure. Individual pockets of people, policy, process, and
technology are solving parts of the problem, but not in a systematic and scalable way that
crosses development environments, product lines, vendors, sectors, and nations. A more
systematic and collaborative approach can help.”


Section 524B(a) of the FD&C Act provides that the sponsor of a premarket submission for a cyber device must include information to demonstrate that the cyber device meets the cybersecurity requirements in section 524B(b) of the FD&C Act. The requirements in section 524B(b) of the FD&C Act are:

  • Submit a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures;

  • Design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and make available postmarket updates and patches to the device and related systems; and

  • Provide a software bill of materials, including commercial, open-source, and off-the-shelf software components.

Software Bill of Materials (SBOM) for Tidepool software/services

Tidepool Uploader

  • Readable JSON-format SBOM

  • Raw SBOM file for automation/ingestion

Tidepool Data Platform (Tidepool Web)

  • Readable JSON-format SBOM

  • Unformatted SBOM JSON file for automation/ingestion


Verification and additional info

Anyone can generate an SBOM for public Tidepool source code repositories on GitHub.

  1. Go to the github.com URL for the software repository

    1. Tidepool Uploader

    2. Tidepool Platform

  2. Click the button to Export SBOM

  3. Download the .json file for ingestion or review in an automated tool
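
One way to review a downloaded .json file in an automated tool, as an added example that is not Tidepool's or GitHub's code. It assumes the export is an SPDX 2.3 JSON document (optionally wrapped in a top-level `sbom` key) and runs on a constructed sample whose package names and versions are made up.

```python
import json

# Constructed sample in SPDX 2.3 JSON shape; package names/versions are made up.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "com.github.example/example-repo",
    "packages": [
        {"SPDXID": "SPDXRef-1", "name": "npm:left-pad", "versionInfo": "1.3.0",
         "licenseConcluded": "WTFPL",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:npm/left-pad@1.3.0"}]},
        {"SPDXID": "SPDXRef-2", "name": "npm:example-lib", "versionInfo": "",
         "licenseConcluded": "NOASSERTION"},
        {"SPDXID": "SPDXRef-3", "name": "go:example.com/mod",
         "versionInfo": "v0.2.1", "licenseDeclared": "MIT"},
    ],
})

def load_packages(text):
    """Parse an SPDX JSON SBOM and return its package list."""
    doc = json.loads(text)
    doc = doc.get("sbom", doc)  # assumption: some exports wrap the document
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        raise ValueError("not an SPDX JSON document")
    return doc.get("packages", [])

def purl_of(pkg):
    """Return the package URL from externalRefs, or None if absent."""
    for ref in pkg.get("externalRefs", []):
        if ref.get("referenceType") == "purl":
            return ref.get("referenceLocator")
    return None

def review(text):
    """Return (inventory, findings); findings list components that a
    vulnerability or license scanner could not match reliably."""
    inventory, findings = [], []
    for pkg in load_packages(text):
        name = pkg.get("name", "<unnamed>")
        licenses = (pkg.get("licenseConcluded"), pkg.get("licenseDeclared"))
        row = {"version": pkg.get("versionInfo") or None,
               "license": next((l for l in licenses if l and l != "NOASSERTION"), None),
               "purl": purl_of(pkg)}
        inventory.append({"name": name, **row})
        findings += [(name, f"missing {k}") for k, v in row.items() if v is None]
    return inventory, findings

if __name__ == "__main__":
    for name, gap in review(SAMPLE_SBOM)[1]:
        print(f"{name}: {gap}")
```

To check a real export, pass the contents of the downloaded file to `review()` instead of `SAMPLE_SBOM`.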

