Digi is working with UK embedded electronic design and software consultancy ByteSnap Design to help manufacturers address the growing security and regulatory problems facing medical devices and other connected industrial IoT systems.

The two companies announced a managed security service earlier this year. The bundled embedded Linux security service offering targets long-life connected devices, combining vulnerability intelligence, targeted patching and deployment validation for heterogeneous hardware estates.

During a recent webinar, experts from ByteSnap Design and Digi (www.digi.com) outlined how the internet of medical things (IoMT) is expanding the attack surface for connected devices.

With regulators shifting from guidance to enforceable requirements, including FDA cyber-security mandates in the USA and the EU’s Cyber Resilience Act (CRA) and NDR obligations, manufacturers must demonstrate robust risk management, software bill of materials (SBoM) generation, continuous vulnerability monitoring and field patching capabilities throughout a device’s entire lifecycle.

“Device makers are coming to us with the need for automated, continuous security monitoring to meet internal compliance and extended regulatory requirements such as the CRA,” said Graeme Wintle, director of ByteSnap Design. “Digi’s monthly curated CVE reports, combined with our integration, testing and platform support expertise, provide manufacturers with actionable intelligence and peace of mind. This partnership lowers risk, reduces the engineering burden and enables OEMs to focus on their core innovation while maintaining security over long product lifecycles.”

Key elements of the joint approach include:

• SBoM as a living operational tool: Automatically generated during builds, linked to vulnerability databases (CVE and CVSS), and continuously updated.
• Digi ConnectCore security services: Expert-curated monthly reports that filter thousands of potential vulnerabilities to highlight only those relevant to a customer’s specific configuration, along with pre-integrated security patches via a Yocto meta layer.
• ByteSnap Design’s integration expertise: Support for embedding security features including secure boot, encrypted file systems and TrustFence, kernel migration to supported LTS versions, full BSP integration, testing and release packaging, available for Digi hardware and third-party and chip-down offerings.
• Lifecycle management: Ongoing monitoring, OTA update support and risk-based remediation that aligns with regulatory expectations for patient safety, data protection and device integrity.

This is particularly valuable for medical device manufacturers transitioning from hospital to home-based deployments, as well as companies in automotive, defence, energy and other regulated sectors.

With over 18 years of experience and expertise, including embedded Linux, IoT, Atex and FPGA development, and cyber security, ByteSnap Design (www.bytesnap.com) delivers embedded systems for clients from start-ups to global corporations.