Newsletter

The Detective’s Notebook.

Practical cybersecurity regulatory insights for medical device teams who'd rather ship than spreadsheet.

Free. No spam. Unsubscribe anytime.


Alan Parkinson, creator of Threat Detective

“After helping medical device teams navigate FDA and MDR cybersecurity requirements, I kept writing up the same guidance over and over.

The Detective’s Notebook is where I share those thoughts and insights so more teams can benefit.”


From the blog

FDA reviewers are now asking for VEX/VDR files with your SBOM

Recently a manufacturer received an AINN request asking for VEX and VDR data alongside their CycloneDX SBOM. This isn't in the premarket guidance, but you're almost certainly already doing the work. You just aren't packaging it in the format the FDA now wants.

Alan Parkinson

The EU Cyber Resilience Act and medical devices: what's in scope and what isn't

The EU Cyber Resilience Act (CRA) excludes medical devices under MDR. But health apps, wellness products, and companion apps without medical device claims? They're in scope. If you're using the 'launch as wellness first' strategy, cybersecurity regulation still applies from December 2027.

Alan Parkinson

What is an SBOM? Think food labels, but for software

An SBOM (Software Bill of Materials) is essentially an ingredients list for software. Just like checking food labels for allergens, an SBOM lets you scan for known cybersecurity vulnerabilities in your product's third-party components.

Alan Parkinson