Supply Chain Security for Medical Devices

Project Overview

  • Goal: Research & Development on SBOM/SCA through SAST
  • Location: Amsterdam
  • Timeframe: 6 months (minimum)
  • Team: Product Security
  • Supervisor: Maroun Habib

Student Attributes

  • Education: Computer science and/or Cyber security (MSc is preferred, or a strong BSc)
  • Technical skills: Cyber security knowledge and development
  • Soft skills: Research, self-driven, good communication

Project Description

To monitor software code from a supply chain perspective, organizations need to understand what components and dependencies are present in their applications, identify known vulnerabilities within those components, and understand how the vulnerable components are used in the codebase.

This internship focuses on researching and integrating three critical security practices:

  • Software Bill of Materials (SBOM) - Creating a comprehensive inventory of all software components and dependencies
  • Software Composition Analysis (SCA) - Identifying known vulnerabilities within those components
  • Static Application Security Testing (SAST) - Detecting how vulnerable components are used in the code

The intern will evaluate existing open-source tools and solutions, analyze integration opportunities, and develop a proof-of-concept that combines these practices to create a unified approach for supply chain security and post-market security monitoring.

Objectives

  • Research and compare available open-source SBOM, SCA, and SAST tools
  • Design an integrated solution that combines these three practices
  • Develop a prototype demonstrating tool interoperability and automation
  • Document findings, best practices, and implementation guidelines
  • Gain knowledge of state-of-the-art medical device regulations: EU MDR, FDA requirements, IEC 81001-5-1

Interested?

Send your CV and a short motivation to jobs.cybersecurity@bureauveritas.com

We look forward to hearing from you!

📌 Pre-employment screening is part of the selection process; annual social media screenings and a criminal record check will be conducted.

Meet our recruitment team

  • Eefke Ruisbroek, Recruiter
  • Mika Rubinstein, Recruiter
  • Thomas Floorijp, Recruiter