As software becomes prevalent in connected medical devices, OEMs and their suppliers find themselves increasingly reliant on Open Source Software (OSS) to speed up development and drive innovation.
For legal teams, this means navigating an increasingly complex web of licenses and terms associated with OSS, which could lead to license term violations, conflicting licenses and even usage of non-permissive licenses.
But current legal compliance practices are unsustainable – they are time-consuming, inaccurate and highly manual. If not managed properly, manufacturers risk exposure to litigation, financial sanctions and brand equity erosion.
Cybellum enables medical device manufacturers and their suppliers to manage OSS licensing and minimize legal risk, without disrupting their R&D teams. Our Cyber Digital Twins™ platform provides the visibility, agility and control needed for reliable and scalable open source licensing validation.
Enforce OSS licensing policies across your organization – approved and preferred licenses, licensing violations and conflicts, and component usage
Accurately expose software composition (CBOM), including packages, versions, licenses and more for better, more reliable analysis. No source code needed
Code Snippet Detection
Identify OSS from code snippets even if only parts of an open-source source tree are compiled, using indicators found in compiled (binary) files
Speed and Scale
Reduce manual effort by automating license compatibility validation against your OSS licensing policies
Use preset policies or configure Cybellum with your own Free and Open Source Software (FOSS) licensing rules
Let the right user perform the right task – from software component administration to license management to usage approval
Track your legal risk status within and across development programs to advance your risk posture over time
Capture system and user activities, providing documented evidence in support of auditing
The Cyber Digital Twins™ platform provides you with the infrastructure to develop and maintain secure products at scale. It unifies pre-production Product Security Assessments with post-production Product Security Operations, giving you the visibility, context and agility needed to secure connected medical products across their lifespan. No source code needed.