Blue Goat Cyber^SMMedical Device Cybersecurity

⌘K

Book Strategy Session How to prepare →

All regulatory tracker entries

Apr 15, 2024·SPDX (Linux Foundation) · SpecificationActiveMedium impact

SPDX 3.0 final published - adds AI and dataset profiles

SPDX 3.0 introduces profiles (Software, Security, AI, Dataset) that align directly with SaMD and PCCP cybersecurity expectations.

What changed

AI profile lets you describe model components, training data, and security properties in the SBOM.
Profiles can be mixed-and-matched per document.

Action for manufacturers

If you ship AI/ML SaMD, evaluate SPDX 3.0 AI profile output - reviewers asking about model provenance will accept it well.

Primary sources

SPDX specifications

Related Blue Goat Cyber resources

CycloneDX vs SPDX for medical devices

Entry metadata

Date: Apr 15, 2024
Agency: SPDX (Linux Foundation)
Type: Specification
Status: Active
Impact: Medium
Last reviewed: Jun 5, 2026

Applies to

SBOM producers
AI/ML SaMD

Ready when you are

Get FDA cleared without the cybersecurity headaches.

30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.

Book strategy session Explore services