From SBOM upload to submission-ready reports.
Built for medical devices, Threat Detective helps you meet FDA and MDR cybersecurity requirements for SBOM, vulnerability and supply chain management.

“I was tired of stitching reports together from pricey SBOM tool exports and spreadsheets. They weren't built for medical devices.
So I built Threat Detective to give us regulator-ready outputs in minutes, not days.”
SBOM and Vulnerability Management
Turn vulnerability chaos into clarity.
Small MDM teams don't need another dashboard; they need a calm, guided workflow that ends in audit-ready evidence without late nights wading through vulnerability alerts.
- Import SBOMs. Upload CycloneDX or SPDX files from software development tools. We validate NTIA elements, PURLs/CPEs, and flag what's missing so you can fix it fast.
- Find what matters. We match SOUP/COTS items to vulnerability advisories and exploitability data, all from the NVD, GitHub and KEV databases. New issues appear as a tidy “Needs Decision” queue instead of a wall of CVEs.
- Prioritise and analyse findings. Triage vulnerability findings by KEV/EPSS/CVSS. Record exploitability decisions, document compensating controls, or open a ticket; bulk-apply the same decision across multiple software versions with a clear audit trail.
- Export reports and enriched SBOMs. Generate EU NB summaries, FDA pre-sub/eSTAR sections, and QMS-friendly reports without the lengthy spreadsheet surgery.

Post-Market Surveillance
Stay ahead of emerging threats.
Cybersecurity doesn't stop at pre-market submission success. New vulnerabilities are discovered all the time in SOUP and COTS items, and continuous monitoring is required for medical device safety and security.
- Monitor every deployed version. Track vulnerabilities across all software versions in the field, whether it's your current release or a legacy build still in clinics. Each version gets continuous surveillance without manual spreadsheet gymnastics.
- Smart notifications, not noise. Receive daily alerts only for Critical and High severity findings, plus a weekly summary. No constant interruptions, just the insights that matter for regulatory compliance.
- Automated annual review alerts. Security decisions require annual review to maintain regulatory compliance. Threat Detective alerts you to upcoming reviews for exploitability assessments, helping you stay ahead of FDA and MDR requirements without manual tracking.

Simple, honest pricing
No Enterprise tiers hiding the features you need for compliance. Everyone gets the full platform, charged per medical device project. It's that straightforward: you just choose between monthly and annual billing.
Per project, all features included
Every feature you need to meet FDA and MDR cybersecurity requirements, from SBOM validation to submission-ready reports. No upsells, no hidden fees, no “contact sales” gatekeeping.
Everything included
- All features
- EU Hosting
- Unlimited team members
- Priority email support
Per medical device project
£99 per month
First 3 months free for waitlist members