Find a cost effective and flexible application security testing solution. Well-structured security testing is required to streamline regulatory certification and code ratify an outsourced app development process.
TLT saw an opportunity when it realized that the current, cuff-based, blood pressure method is error-prone. Inflating a cuff can create alerting responses and false positives. It was clear doctors and patients are looking for more accuracy and ease of use in monitoring blood pressure.
Nita Shah, co-founder and CTO at TLT, continues the story: “Our biosensor is similar in design to a watch and can non-invasively acquire physiological data that is currently only available through intra-arterial blood monitoring. Having started a clinical study with Barts Hospital, we anticipate a positive outcome, and are in the process of commercializing our device. We have global patents in place, and are working with the regulatory authorities on CE mark and FDA approval.”
Delivering a high quality, safe, and fit for purpose device are top priorities for manufacturers. The TLT sensor contains software, embedded in the device, and as a user-friendly phone or tablet app. The challenge was in security verifying these software components, as Nita Shah explains: “Being a start-up, we are cost constrained, and the static software analysis tools on the market were completely beyond my budget. With the increased global importance placed on cybersecurity we needed a flexible security testing solution to satisfy our regulatory auditors.”
TLT is a medical technology corporation that has successfully completed the breakthrough development of a standalone cuff less blood pressure monitoring device that not only delivers highly accurate readings almost anywhere in the body, but can also deliver key information about the entire arterial tree as well as the heart.
TLT turned to Micro Focus Partner IntelliQA for advice. An experienced application delivery management consultancy, IntelliQA recommended Micro Focus Fortify on Demand. This is designed to launch an application security initiative within a day, without the need for infrastructure investments or security staff.
This was welcome news for Nita Shah:
Nita Shah – CO-FOUNDER AND CTO
Tarilian Laser Technologies
“Thankfully, the issues highlighted were relatively minor and easily rectified by our development partners. However, had they been included in the version submitted to our regulatory auditors, it would have caused unnecessary delays to our certification process. As it was, the issues were quickly fixed, we requested a remediation scan through the Fortify on Demand portal, and our app was security-cleared; all in the space of a couple of days.”
TLT’s core competencies are in medical engineering and science and, although the core device technology is managed in-house, the app development is outsourced. With a medical device, there is always the danger of a software bug causing issues in a clinical study or regulatory audit, so risk management is top of mind and the software and associated processes have to be failsafe. Nita Shah knows this is just the beginning for TLT: “We intend to launch at least another five apps for different use cases of our biosensor device, so establishing the right software development and security testing process now is vitally important to us. Using Fortify on Demand gives us an easy way to ratify our developer’s code so that we can feel confident in its performance during clinical studies.”
Because Fortify on Demand is flexible, as the app develops and user feedback is collated, TLT can make code improvements that are simply put through the same assessment to ensure it is robust before progressing its journey towards a commercial device.
It takes years to bring a new medical device to market. However, with the blood pressure monitoring market worth $9B annually and 36 million devices sold every year, it is worth getting it right. Every day saved in achieving regulatory certification is a day closer to bringing the new device to market. This is exactly where Nita Shah sees the value of Micro Focus and IntelliQA:
Nita Shah – CO-FOUNDER AND CTO
Tarilian Laser Technologies
She concludes: “We estimate a static tool would have cost us 150 times more than using the flexible Fortify on Demand solution. Fortify on Demand is now a central part of our software development cycle, and we are delighted with the support from Micro Focus and IntelliQA.”
