“Achieving software supply chain transparency can increase trust and trustworthiness while lowering costs of our digital infrastructure. Individual pockets of people, policy, process, and technology are solving parts of the problem, but not in a systematic and scalable way that crosses development environments, product lines, vendors, sectors, and nations. A more systematic and collaborative approach can help.”
Section 524B(a) of the FD&C Act provides that the sponsor of a premarket submission for a cyber device must include information to demonstrate that the cyber device meets the cybersecurity requirements in section 524B(b) of the FD&C Act. The requirements in section 524B(b) of the FD&C Act are:

1. Submit a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures;
2. Design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and make available postmarket updates and patches to the device and related systems; and
3. Provide a software bill of materials, including commercial, open-source, and off-the-shelf software components.
Software Bill of Materials (SBOM) for Tidepool software/services

Tidepool Uploader: Readable SBOM; json format SBOM
Tidepool Data Platform (Tidepool Web): Readable SBOM; json format SBOM
Verification and additional info
Anyone can generate an SBOM for public Tidepool source code repositories on GitHub:

1. Go to the github.com URL for the software repository.
2. Click the button to Export SBOM.
3. Download the .json file for ingestion or review in an automated tool.
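The steps above end with a .json file that is meant to be ingested by a tool. As an added example (not Tidepool's code and not part of the original page), the script below shows the simplest form of that ingestion: it loads an SBOM, checks that it is an SPDX 2.x document (an assumption about the shape of GitHub's export), flattens the package list into name, version, license and package URL, and flags entries that a vulnerability scanner or license check could not match. The embedded document is a constructed sample in that shape; the package names and versions in it are made up.

```python
import json
import sys

# Constructed sample in the shape of an SPDX 2.3 JSON document (the assumed
# format of a GitHub "Export SBOM" download). Package names, versions and
# SPDX IDs below are illustrative, not taken from any real repository.
SAMPLE_SBOM = r"""
{
  "spdxVersion": "SPDX-2.3",
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "com.github.example/example-repo",
  "packages": [
    {
      "SPDXID": "SPDXRef-Package-npm-left-pad-1.3.0",
      "name": "npm:left-pad",
      "versionInfo": "1.3.0",
      "licenseConcluded": "MIT",
      "externalRefs": [
        {"referenceCategory": "PACKAGE-MANAGER",
         "referenceType": "purl",
         "referenceLocator": "pkg:npm/left-pad@1.3.0"}
      ]
    },
    {
      "SPDXID": "SPDXRef-Package-npm-some-lib",
      "name": "npm:some-lib",
      "licenseConcluded": "NOASSERTION",
      "externalRefs": [
        {"referenceCategory": "PACKAGE-MANAGER",
         "referenceType": "purl",
         "referenceLocator": "pkg:npm/some-lib"}
      ]
    }
  ]
}
"""


def load_sbom(text):
    """Parse SBOM JSON and refuse anything that is not an SPDX 2.x document."""
    doc = json.loads(text)
    version = doc.get("spdxVersion", "")
    if not version.startswith("SPDX-2."):
        raise ValueError(f"unsupported or missing spdxVersion: {version!r}")
    return doc


def component_inventory(doc):
    """Flatten the SPDX packages list into review-friendly records.

    The purl (package URL) is the identifier most vulnerability databases
    key on, so it is pulled out of externalRefs into its own field.
    """
    records = []
    for pkg in doc.get("packages", []):
        purl = next(
            (ref.get("referenceLocator") for ref in pkg.get("externalRefs", [])
             if ref.get("referenceType") == "purl"),
            None,
        )
        records.append({
            "name": pkg.get("name"),
            "version": pkg.get("versionInfo"),
            "license": pkg.get("licenseConcluded"),
            "purl": purl,
        })
    return records


def find_gaps(records):
    """Flag entries a scanner or license policy could not act on:
    no version, no purl, or no asserted license."""
    gaps = {}
    for rec in records:
        problems = []
        if not rec["version"]:
            problems.append("missing version")
        if not rec["purl"]:
            problems.append("missing purl")
        if rec["license"] in (None, "NOASSERTION", "NONE"):
            problems.append("license not asserted")
        if problems:
            gaps[rec["name"]] = problems
    return gaps


if __name__ == "__main__":
    # Pass the downloaded .json path as the first argument; with no
    # argument the constructed sample above is used instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            document = load_sbom(fh.read())
    else:
        document = load_sbom(SAMPLE_SBOM)
    inventory = component_inventory(document)
    for rec in inventory:
        print(f"{rec['name']:<24} {rec['version'] or '?':<10} {rec['license']}")
    for name, problems in find_gaps(inventory).items():
        print(f"REVIEW {name}: {', '.join(problems)}")
```

Run it as `python sbom_review.py path/to/export.json` (a hypothetical filename). The gap report is the useful part: a package with no version or no purl cannot be matched against vulnerability advisories, and a license of NOASSERTION means the SBOM makes no claim about it, so those entries need manual follow-up before the inventory is trusted.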