Software of Unknown Provenance

To follow up on Lei Zong‘s post last week about threat assessments, a specific area of concern that is overlooked is related to vulnerabilities of Software of Unknown Provenance (SOUP) items. The FDA has been working to change that by requiring a more systematic approach to analyze SOUP defects and vulnerabilities. To this end, public vulnerability databases can help identify existing security issues in certain SOUP items. It’s important to note that these databases rely on the accurate reporting of vulnerabilities, so a lack of issues doesn’t necessarily mean that the SOUP items are secure. A threat assessment tailored for your instrument development should still be performed to identify specific concerns. What are some other ways of identifying known security vulnerabilities in your experience? Contact us to start a conversation about improving the security handling of your instrument today.

Alexis McKenzie


Every challenge is different – Tell us about yours.