Helm features

What is Helm?

Helm is a comprehensive Software Bill of Materials (SBOM) and vulnerability management tool designed especially for medical device manufacturers (MDMs) to provide full visibility over your software supply chain and help you prioritize and remediate cybersecurity risks effectively. You can also track multiple software versions across devices, enabling you to easily handle the complex needs of medical devices with long lifespans and infrequent updates. Learn more about how Helm helps you meet FDA cybersecurity expectations.

Key features

FDA compliance

  • Supports NTIA and FDA cybersecurity requirements for SBOMs.

  • Provides tools for Secure Product Development Framework (SPDF).

  • Automated lifecycle management: Lifecycle rules automatically apply Level of Support and End-of-Life (EOL)/End-of-Support (EOS) information to components across your product portfolio, ensuring consistency and compliance with FDA cybersecurity requirements. EOL/EOS tracking enables you to identify and reduce risk due to outdated components that no longer receive security updates.

Take the Medcrypt FDA cybersecurity readiness quiz to get started!

Broad ecosystem visibility

  • Tracks both open-source software (OSS) and commercial third-party software.

  • Supports real-time operating systems (RTOS) and other operating systems to give a comprehensive view of your software ecosystem.

SBOM management

  • Handles SBOMs from open source, commercial tools, and manual uploads.

  • Matches your software against the National Vulnerability Database (NVD) and package managers using advanced normalization techniques. For example, Helm normalizes values such as “windows10”, “windows_10”, and “win 10” to the official value, Windows 10.

  • Manage component licenses. Import or manually add license information. Helm can also fill in missing license information when you upload a new SBOM, or you can add it on demand per component.

  • Auto-enriches inaccurate or missing CPEs and PURLs.

  • Automated lifecycle rules: Create rules in the Rules manager to automatically apply Level of Support and End-of-Support/End-of-Life (EOS/EOL) information to components based on supplier name, component name, and version. Rules ensure consistency across your product portfolio and take precedence over user-provided lifecycle data.

  • If we can't identify a match in the NVD, you can create aliases to match components to software in the NVD. These will be auto-matched for all future SBOMs.
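The name normalization, alias matching and lifecycle-rule precedence described above, as an added illustration that is not Helm's own code. The official-name lookup, abbreviation table and rule layout are constructed assumptions; a real matcher would derive names from NVD/CPE data.

```python
import re

# Constructed lookup of official NVD-style names keyed by a normalized token.
# Assumption: a real matcher would build this from CPE dictionary data.
OFFICIAL_NAMES = {"windows10": "Windows 10", "openssl": "OpenSSL"}
# Assumption: a constructed table of abbreviations seen in SBOM component names.
ABBREVIATIONS = {"win": "windows", "ms": "microsoft"}


def normalize(raw: str) -> str:
    """Reduce variant spellings ('windows10', 'windows_10', 'win 10') to one key.

    Case, whitespace and separators are dropped, letter/digit boundaries are
    split so 'win10' expands like 'win 10', and abbreviations are expanded.
    """
    tokens = re.findall(r"[a-z]+|[0-9]+", raw.lower())
    return "".join(ABBREVIATIONS.get(t, t) for t in tokens)


class ComponentMatcher:
    """Match SBOM component names to official names; an unmatched name can be
    aliased once and is then auto-matched on every later SBOM upload."""

    def __init__(self):
        self.aliases = {}  # normalized key -> official name (user-created)

    def match(self, raw: str):
        key = normalize(raw)
        # None means no match in the official list or the alias table
        return OFFICIAL_NAMES.get(key) or self.aliases.get(key)

    def add_alias(self, raw: str, official: str):
        self.aliases[normalize(raw)] = official


def apply_lifecycle(component: dict, rules: list) -> dict:
    """Apply the first lifecycle rule matching (supplier, name, version).

    A rule's EOL and level-of-support override any user-provided values,
    since rules take precedence; a rule with version None covers all versions.
    """
    for rule in rules:
        if (rule["supplier"] == component["supplier"]
                and rule["name"] == component["name"]
                and rule["version"] in (None, component["version"])):
            return {**component, "eol": rule["eol"],
                    "level_of_support": rule["level_of_support"]}
    return component
```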

Vulnerability management

Regulatory reporting
