Upload new version of SBOM with each release

To keep track of various versions of your SBOM and to ensure that your SBOM is accurate for each product release to meet FDA requirements and protect your customers and their patients, you should create a new version of your SBOM whenever your team:

• Updates the device or application

• Adds or removes a dependency component or changes a dependency component version

• Adds one or more Windows KBs to a device version

• Adds a Windows KB to a vulnerability

• Upgrades the version of a dependency componen

This will help ensure your readiness for your pre-market FDA submission, while ensuring that customers post-market understand whether they are affected by vulnerabilities associated with a particular version of your product. Refer to Export your SBOM for more information.