
EPISODE · Feb 18, 2026 · 41 MIN

How to Build an SBOM That Passes FDA Review

from The Med Device Cyber Podcast

SBOMs are one of the most common sources of FDA deficiencies in medical device submissions. Most companies think they're doing it right, but then they get feedback asking for missing components or clarification on what's included.

In this webinar, Christian Espinosa and Trevor Slattery explain what the FDA actually expects in an SBOM and why it's not just about listing third-party libraries. You need to include first-party code too. You need to follow the NTIA minimum elements. And you need to provide it in a machine-readable format like SPDX or CycloneDX.

Trevor walks through the history of SBOMs, from their origins in licensing compliance to their current role in medical device cybersecurity. He explains the shift-left approach the FDA wants to see and why transparency matters for healthcare delivery organizations making purchasing decisions.

The webinar also addresses a big concern people have. Does publishing an SBOM give attackers a roadmap to your system? Trevor breaks down why that's not actually a problem if you're managing your security properly.

If you're building a connected medical device or preparing for an FDA submission, this is a clear breakdown of how to get your SBOM right the first time.

Webinar Breakdown:
00:00 Welcome and introduction to SBOMs
00:44 What is an SBOM and why does it matter
03:10 The history of SBOMs: From licensing to cybersecurity
07:20 Why the FDA cares about SBOMs
11:30 The biggest mistake: Leaving out first-party code
15:45 NTIA minimum elements explained
19:20 Machine-readable formats: SPDX and CycloneDX
23:00 Real-world examples: Log4j and Shellshock
26:15 Do SBOMs give attackers a roadmap? The truth
29:40 Common myths about SBOMs
33:50 Key takeaways for FDA submissions
36:20 Q&A session begins

Blue Goat Cyber provides essential cybersecurity solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.

If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9
Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1
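As an added example that is not part of the episode or of Blue Goat Cyber's material: a Python script that assembles a minimal CycloneDX-style SBOM for a connected device, lists a first-party firmware module alongside a third-party library, and checks every component against the NTIA minimum elements the episode refers to (supplier, component name, version, unique identifier, dependency relationship, author of SBOM data, timestamp). The device name, versions, bom-refs and purls are constructed placeholders, and the document is hand-assembled using CycloneDX 1.5 field names rather than produced by a CycloneDX library or validated against the official schema.

```python
"""Build a minimal CycloneDX-style SBOM and check it against the NTIA minimum
elements. Added example, not from the podcast or Blue Goat Cyber; device,
component, version and purl values are constructed placeholders."""
import json
import uuid
from datetime import datetime, timezone

# NTIA minimum-element data fields that live on each component
NTIA_COMPONENT_FIELDS = ("supplier", "name", "version", "purl")

# Constructed sample components: one first-party firmware module (the kind
# of code the episode says is most often left out) and one third-party library.
FIRST_PARTY = {
    "type": "firmware", "bom-ref": "pump-ctrl",
    "name": "infusion-pump-controller", "version": "2.4.1",
    "supplier": {"name": "Example Device Co. (placeholder)"},
    "purl": "pkg:generic/example-device-co/infusion-pump-controller@2.4.1",
}
THIRD_PARTY = {
    "type": "library", "bom-ref": "log4j-core",
    "name": "log4j-core", "version": "2.17.1",
    "supplier": {"name": "Apache Software Foundation"},
    "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1",
}


def build_sbom(device_name, device_version, components, sbom_author):
    """Assemble a CycloneDX 1.5 JSON document as a plain dict (hand-built;
    field names follow the CycloneDX schema, nothing here validates it)."""
    refs = [c["bom-ref"] for c in components]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            # NTIA: timestamp and author of the SBOM data
            "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "authors": [{"name": sbom_author}],
            # the device itself is the root component of the BOM
            "component": {"type": "device", "bom-ref": "device",
                          "name": device_name, "version": device_version},
        },
        "components": components,
        # NTIA: dependency relationships; the device depends on every component
        "dependencies": [{"ref": "device", "dependsOn": refs}]
                        + [{"ref": r, "dependsOn": []} for r in refs],
    }


def ntia_gaps(bom):
    """Return human-readable findings; an empty list means every NTIA minimum
    element is present for the document and for each component."""
    gaps = []
    meta = bom.get("metadata", {})
    if not meta.get("timestamp"):
        gaps.append("metadata.timestamp missing")
    if not meta.get("authors"):
        gaps.append("metadata.authors (author of SBOM data) missing")
    dep_refs = {d.get("ref") for d in bom.get("dependencies", [])}
    for comp in bom.get("components", []):
        label = comp.get("name", "<unnamed>")
        for field in NTIA_COMPONENT_FIELDS:
            if not comp.get(field):
                gaps.append(f"{label}: {field} missing")
        if comp.get("bom-ref") not in dep_refs:
            gaps.append(f"{label}: no dependency relationship recorded")
    return gaps


def to_json(bom):
    """Serialize for submission; CycloneDX JSON is what the reviewer ingests."""
    return json.dumps(bom, indent=2)


if __name__ == "__main__":
    sbom = build_sbom("Example Infusion Pump", "2.4.1",
                      [FIRST_PARTY, THIRD_PARTY], "Example SBOM Team")
    print(to_json(sbom))
    print("NTIA gaps:", ntia_gaps(sbom) or "none")
```

Running `ntia_gaps` before submission catches the two deficiencies the episode highlights: a component entry with no supplier or identifier, and a first-party module that was never listed at all (it simply will not appear in `components`, so pair this check with a diff against your own build manifest).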
