Open Source in Medtech: Nordic Brain Tech and Debricked
One of our newest customers is Nordic Brain Tech, a Norwegian medtech startup in the process of developing a product that treats migraine without medicine. As a person who suffers from migraines myself, I was amazed by what they have created, and the fact that Debricked gets to be a small part of their journey makes me extremely proud! Let’s jump into the interview with Marcus, CTO.
Hi Marcus at Nordic Brain Tech, tell me about you guys!
We are a startup with roots in NTNU, the university in Trondheim. It all started in 2015, when three scientists wanted to find an alternative treatment against migraine for children. Migraine is usually treated with painkillers, which might not always be the best, or the desirable, option.
Using biofeedback, which is a way of training your brain to control bodily functions such as heartbeat, breathing and even the perception of pain, we created a possibility to relieve migraine pains without medication. Biofeedback has been used to treat migraine for years in hospitals, but our technology can make it accessible for the masses.
In 2019 Nordic Brain Tech was founded, and since then we have been working on actually developing the product. On the way, we also developed what we call Brain Twin, a digital headache diary to keep track of your symptoms, get alerts for medicine and much more.
What’s your role in the company, and what’s your background?
My title is CTO, but as always when it comes to smaller companies and startups, it means that I do anything and everything tech related. I have a bachelor’s degree in statistics and a master’s degree in robotics from NTNU. I am one of the co-founders of Nordic Brain Tech and I work full-time together with two colleagues. We also work closely with the other founders on our team who have medical backgrounds from neurology, medicine and psychology.
As a medtech company, what does security mean to you?
We handle a lot of sensitive customer data which of course needs to be protected. Because of this, both security and privacy have always been top priority. We have also noticed that these issues have become more commonly spoken about and that the general awareness has increased, especially after GDPR entered into force a couple of years ago.
Besides that, there are a lot of other standards we need to make sure we comply with, such as ISO 27001 and Normen, a set of guidelines for information security in the healthcare industry in Norway. And, of course, we always try to follow state-of-the-art standards such as OWASP Top 10, which is where Debricked becomes relevant. We use mostly open source in our product, and the tool is a great way of keeping track of new vulnerabilities without having to spend a lot of time on research.
What about security practices within the team? How do you guys handle open source?
When it comes to security in general we have a lot of policies, practices and guidelines of course. When it comes to open source specifically, I would say that we have a little way to go. We try to make it a team effort, but as of right now a lot of it ends up on my table. For now, the rule is that if you do want to use a new open source library, it’s your own responsibility to make sure it’s secure and present documentation to prove it.
So, can you get into how you use the Debricked tool?
Ever since the first time I tried the tool, I found it very easy to use. We have integrated Debricked with GitHub and run it on each pull request we perform. If it turns out that we have a vulnerability, we take a look at the suggested fix and try to solve it.
The number one thing for us is being able to get a notification when there’s a new vulnerability. It’s very nice not having to check and backtrack, but instead letting the tool take charge. It allows us to put our mind and energy elsewhere.
We have tried a couple of different solutions before, but they have all been slower and more inconsistent than Debricked. Being able to get a quick and up-to-date response is very important to us.
Another thing that I really like is that we can find a lot of information about the vulnerability in the tool. The vulnerability triangle with the CVSS score allows us to prioritize what needs to be solved first and what can wait for later.
Lastly, what do you guys have going on in the near future?
Since we launched Brain Twin in June we have received a lot of feedback that we are currently working on. We are also in the middle of raising capital, so that of course takes a lot of time. Other than that, we have a big release coming up in September, so stay tuned for more!
We are very grateful that Marcus was able to take some time to chat with us. Let’s see what the future holds for Nordic Brain Tech – I am sure that there are great things to come.