PRODUCT SECURITY HUB RELEASE NOTES

  • ProdSecDesigner
    • Added Vulnerability Management feature, with the ability to track vulnerabilities by either manually adding them or importing from a Microsoft Excel file. The vulnerabilities can also be associated with SBOM Components, Residual Risks or Patches, for full end-to-end traceability. (new feature)
  • ProdSecDesigner
    • Update the Threats and Requirements pages to show the component name and not component type (bug fix)
    • Changed ISO 80001-22 to ISO 80001-2-2 on the Requirements Page (bug fix)
    • Update the Threats Page to include the ability to show residual risks and met and not met requirements (new feature)
    • “Reference to Safety Risk Assessment” field added to Residual Risks page (new feature)
    • Updated new version feature to include the Completed IFU Guidance field in the new version (bug fix)
    • Fixed an issue with using a product name that was already used (bug fix)
    • Update the export feature to include custom threat and requirement details and include R in front of the requirement ids (bug fix)
    • Added Software Bill of Materials (SBOM) feature, with the ability to manually add SBOM components, import from a CycloneDX JSON file, export to a CycloneDX JSON file or a Microsoft Excel human readable file (new feature)
    • Added Patch Management feature, with the ability to track cybersecurity patches by either manually adding them or importing from a Microsoft Excel file (new feature)
  • ProdSecAssessor
    • Initial release of ProdSecAssessor, which provides the ability to assess against a number of industry guidance documents from US FDA, Australian TGA, EU MDCG and more (new feature)
  • ProdSecDesigner
    • Changed dashboard view to group products by product name (new feature)
    • Added ability to create new versions of existing products (new feature)
    • Updated the export file to include product name and added applicability to threat output (new feature)
    • Added a new field (consideration for ifu/labeling) on the risk assessment page (new feature)
    • Added a new field (product status) to the product details page (new feature)
    • Updated component ids in the add a new threat and add a new requirement modal (new feature)
  • ProdSecMaturity
    • Removed the draft guidance, US FDA Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions maturity assessment
    • Added the final guidance, US FDA Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions maturity assessment (new feature)
  • Initial release of Product Security Hub Platform, ProdSecDesigner and ProdSecMaturity.