Helm features

What is Helm?

Helm is a comprehensive Software Bill of Materials (SBOM) and vulnerability management tool designed especially for medical device manufacturers (MDMs) to provide full visibility over your software supply chain and help you prioritize and remediate cybersecurity risks effectively. You can also track multiple software versions across devices, enabling you to easily handle the complex needs of medical devices with long lifespans and infrequent updates. Learn more about how Helm helps you meet FDA cybersecurity expectations.

Key features

FDA compliance

• Supports NTIA and FDA cybersecurity requirements for SBOMs.

• Provides tools for Secure Product Development Framework (SPDF).

Medcrypt optimizes your path to FDA cybsecurity readiness.

Broad ecosystem visibility

• Tracks both open-source software (OSS) and commercial third-party software.

• Supports real-time operating systems (RTOS) and other operating systems to give a comprehensive view of your software ecosystem.

SBOM management

• Handles SBOMs from open source, commercial tools, and manual uploads.

• Supports CycloneDX and SPDX formats.

• Matches your software against the National Vulnerability Database (NVD) and package managers using advanced normalization techniques. For example, Helm will normalize values such as “windows10”, “windows_10”, and “win 10” to the official value, such as Windows 10.

• Manage component licenses. Import or manually add license information. Helm can also add missing license information.

• Auto-enriches inaccurate or missing CPEs and PURLs.

• If we can't identify a match in the NVD, you can create aliases to match components to software in the NVD. These will be auto-matched for all future SBOMs.

• Quickly assess which products contain a particular vulnerable component.

Vulnerability management

• Identifies impacted devices instantly during major vulnerabilities like Log4j or WannaCry on Helm's comprehensive dashboard. Helm's dashboard enables you to quickly remedy your most impacted products.

• Zero in on critical vulnerabilities.

• Track progress on unremediated vulnerabilities.

• Prioritize and remediate quickly via continuously monitoring and updating of vulnerability severity, exploitability, Windows KB recommendations, and more.

• Supports CVSS 2, CVSS 3.x, and EPSS severity and exploitability prediction scores. Learn more on CVSS.

• Rescore vulnerabilities in bulk or individually to align with your product's environment and use.

• Remediate vulnerabilities in bulk or individually.

• Quickly assess whether your products are impacted by a particular vulnerability.

• Get daily, weekly, or monthly vulnerability email digests to stay on top of the latest threats.

Regulatory reporting

• Export expert FDA SBOM reports.

• Export VEX or VDR reports.

• Export original or enriched SBOMs.

• Export vulnerabilities report