I'm working on an IEC 62304 compliant project for a mobile medical application with mostly class A and some class B elements. The standard requires in clause 7.1.3 that published SOUP anomaly lists be evaluated for contributing to potentially hazardous situations. In this project, many of the software components are open source, so we are looking at issues lists posted online. However some of the open source elements, such as Angular, have hundreds of issues posted online. Does anyone have experience on how to address this 62304 requirement on a practical basis for open source software? This is a startup company so developing an in-house alternative to some of the open source building blocks isn't practical and in my opinion may even introduce more risks since it wouldn't have the established history and user base. Any feedback much appreciated!