Archimydes

The CrowdStrike outage is a stark reminder of how much of our code, and our world, fundamentally runs on C/C++ An out-of-bounds memory read error which is easily mitigated in higher level programming languages via automatic bounds checks and garbage collection, has to be consciously accounted for in C/C++. Never the less, C/C++ is critical and will continue to be critical to much of our world - to those of us that write code in C/C++ please use tools like AddressSanitizer, enable compiler warnings, and perform thorough code reviews and testing to prevent these type of situations from manifesting! Much respect and support to all the teams globally working on mitigating the fallout of this issue 🙏🙏🙏 #CyberSecurity #Programming #SoftwareEngineering

As per the FDA If you even simply acquire medical images, signals, or patterns - and don't even process or analyze them - you are classified as Software as a Medical Device (SaMD) as opposed to Clinical Decision Support (CDS) software. The guidance below provides a good framework for anyone considering building Healthcare related software for the US market. Essentially all of the following four criteria listed below have to be met for the FDA to consider your software CDS vs. a SaMD. In particular the software: 1) CANNOT acquire, process, or analyze medical images, signals, or patterns. 2) Can display, analyze, or print medical information normally communicated between health care professionals (HCPs). 3) Can provides recommendations (information/options) to a HCP rather than provide a specific output or directive. 4) Can provide the basis of the recommendations so that the HCP does not rely primarily on any recommendations to make a decision. You can read the full guidance provided by the FDA here: https://lnkd.in/e5N4DBNW #DigitalHealth #HealthcareAI #TechBio #TechMed #MedTech

Some good Sunday AI reading thanks to our friends from Amazon Web Services (AWS), re: the use of AI in general, and GenAI in particular in healthcare and life sciences (HCLS). There is some amazing work and some great AWS offerings highlighted in the whitepaper, however three use cases in particular caught our eye: 1) HOPPR leveraging generative AI and multimodal foundation models to extract insights from medical images, making them more understandable to healthcare workers at all skill levels. This approach aims to democratize access to advanced diagnostics, especially for the 90% of the world lacking trained radiology specialists. 2) Smart Reporting GmbH integrates LLMs into its “SmartReports” software to automatically suggest impressions as part of clinical reporting. This reduces the documentation burden on physicians, saves significant time, and improves the consistency and quality of medical reports. The structured, machine-readable outputs also enable enhanced analytics for better treatment planning and patient care. 3) V7 is iteratively teaching and improving the accuracy of AI through human-in-the-loop workflows, with a particular emphasis on medical imaging and surgical video modalities. By supporting multimodal datasets and advanced visualization, V7’s solutions accelerate the progress of AI in healthcare, enabling more accurate data annotation and interpretation. 3 amazing mission-driven AI companies run by 3 awesome founders - Dr. Khan Siddiqui, MD (HOPPR), Prof Wieland Sommer (Smart Reporting), and Alberto Rizzoli (V7)! Thank you to Alex Merwin via one of our founding members Mohamed Sadeq Ali for the share! #HealthcareInnovation #GenerativeAI #HealthcareAI

Some good Sunday AI reading thanks to our friends from Amazon Web Services (AWS), re: the use of AI in general, and GenAI in particular in healthcare and life sciences (HCLS). There is some amazing work and some great AWS offerings highlighted in the whitepaper, however three use cases in particular caught our eye: 1) HOPPR leveraging generative AI and multimodal foundation models to extract insights from medical images, making them more understandable to healthcare workers at all skill levels. This approach aims to democratize access to advanced diagnostics, especially for the 90% of the world lacking trained radiology specialists. 2) Smart Reporting GmbH integrates LLMs into its “SmartReports” software to automatically suggest impressions as part of clinical reporting. This reduces the documentation burden on physicians, saves significant time, and improves the consistency and quality of medical reports. The structured, machine-readable outputs also enable enhanced analytics for better treatment planning and patient care. 3) V7 is iteratively teaching and improving the accuracy of AI through human-in-the-loop workflows, with a particular emphasis on medical imaging and surgical video modalities. By supporting multimodal datasets and advanced visualization, V7’s solutions accelerate the progress of AI in healthcare, enabling more accurate data annotation and interpretation. 3 amazing mission-driven AI companies run by 3 awesome founders - Dr. Khan Siddiqui, MD (HOPPR), Prof Wieland Sommer (Smart Reporting), and Alberto Rizzoli (V7)! Thank you to Alex Merwin via one of our founding members Mohamed Sadeq Ali for the share! #HealthcareInnovation #GenerativeAI #HealthcareAI

In the final edition, we will cover Guidelines For Effective Monitoring and Responses with real-world examples and potential mitigations/best practices for them. This is crucial in understanding potential angles threat actors could use when trying to exploit your application. This article is written by Prabu Karuppiah, a Full-stack Application Developer who is part of the Archimydes Guild. #security #logging #monitoring #owasptop10 #securitybreach #softwaredevelopment #softwareengineering #threatactors #startup

In this week's edition, we will cover the importance and fundamental risk of not having proper logging and monitoring mechanisms in place for your application. This includes a number of example scenarios to give you real-world insights and practical uses into how threat actors could exploit these mechanisms to attack and damage your applications. This article is written by Prabu Karuppiah, a Full-stack Application Developer who is part of the Archimydes Guild. #security #logging #monitoring #owasptop10 #securitybreach #softwaredevelopment #softwareengineering #threatactors #startup

In this week's edition, we will cover some techniques and tools to secure your Infrastructure. This includes an example scenario that compares two different infrastructure tools for a specific security requirement to provide a real-world view of these tools and how to utilize them. This article is written by Prabu Karuppiah, a Full-stack Application Developer who is part of the Archimydes Guild. #infrastructure #tools #security #engineering #startup #softwareengineering #softwaredevelopment

So far we have covered the foundation of securing your product by examining what the most critical code related vulnerabilities are, potential examples and mitigation, and a selection of tools that can be used to ensure you feel comfortable that your code is protected. This is all absolutely essential in your security but can mean little if the infrastructure that you code is run on is not secured. For example, you wouldn’t take the time to build a masterpiece of a car to only leave it on the street with the door open and keys inside. This exact analogy applies to your application that is the heart of your organization and as such the overarching protection should not be open and unguarded.The resulting consequences can be far reaching spanning from data loss to negatively impacting the application’s availability and reliability. In the worst case, this can result in the loss of confidential information related to customers, employees or company IP. In this article, we will explore the three OWASP Top 10 vulnerabilities directly related to infrastructure in order to understand these issues. This article is written by Prabu Karuppiah, a Full-stack Application Developer who is part of the Archimydes Guild. #infrastructure #security #engineering #code #softwaredevelopment #productdesign #startup #startupgrowth

In the last two posts, we covered what secure code is and then dived into real-life scenarios of secure code with mitigations for the five code-related OWASP (Open Web Application Security Project) vulnerabilities. Now, let's explore the real defense against these vulnerabilities through the use of tools. With these tools (some leveraging AI) and accomplishing security-related services available today, you can quickly detect the most common vulnerabilities. Additionally, in some cases, they can guide you on how to fix these vulnerabilities as well. But where the problem lies is that all tools offer slightly different features that may not work for your particular application needs. This article is written by Prabu Karuppiah, a Full-stack Application Developer who is part of the Archimydes Guild. Please read and subscribe! Let us know how many tools you currently use in the comment section? #securecode #engineering #security #securitytools #softwareengineering #owasptop10 #owasp #vulnerability

In the first edition of the series, we explored exactly what the 5 code-related vulnerabilities from OWASP were. Now, let's dive into these further with real-world scenario examples of each with corresponding potential mitigations. This article is written by Prabu Karuppiah, a Full-stack Application Developer who is part of the Archimydes Guild. #engineering #securecode #tech #softwaredevelopment #softwareengineering #vulnerability