Government Medicine Open Source Hardware Technology

SFLC Wants To Avoid Death by Code 247

Posted by timothy
from the me-too-me-too dept.
foregather writes "The Software Freedom Law Center has released some independent research on the safety of software close to our hearts: that inside of implantable medical devices like pacemakers and insulin pumps. It turns out that nobody is minding the store at the regulatory level and patients and doctors are blocked from examining the source code keeping them alive. From the article: 'The Food and Drug Administration (FDA) is responsible for evaluating the risks of new devices and monitoring the safety and efficacy of those currently on market. However, the agency is unlikely to scrutinize the software operating on devices during any phase of the regulatory process unless a model that has already been surgically implanted repeatedly malfunctions or is recalled. ... Despite the crucial importance of these devices and the absence of comprehensive federal oversight, medical device software is considered the exclusive property of its manufacturers, meaning neither patients nor their doctors are permitted to access their IMD's source code or test its security.'"
  • by Anonymous Coward on Thursday July 22, 2010 @07:09PM (#32998168)

    One of the July 2010 updates bluescreened my 81-year-old dad.

    The hospital backed out the update but they had to reboot him in safe mode and go up the back door.

     

  • by coastal984 (847795) on Thursday July 22, 2010 @07:56PM (#32998598) Journal
    ....with the line "She hacked into my heart and crashed me."
  • Re:So what (Score:1, Funny)

    by Anonymous Coward on Thursday July 22, 2010 @08:08PM (#32998674)

    The source code in most medical devices like pacemakers is almost meaningless without a complete description of the custom hardware that runs it. Although this whole discussion is pointless since no company that bothers to go through the process of making an implantable (and FDA approved) medical device is going to give you any detailed information about the hardware or software (at least not until it's been obsolete for a few decades).

    As for ownership, the device belongs to you once it's implanted, but it's the warranty that matters. Most devices interface with external equipment and strict operating procedures that your Doctor or a Field Engineer is trained to use. Accessing or manipulating the device in a way outside of the approved method may disable therapy (usually the response to most errors) or at worst brick your device. Do you really want to try hacking something that you need to live as it's keeping you alive?

    Disclaimer
    IDHFIMD = I design hardware for implantable medical devices

  • by turing_m (1030530) on Thursday July 22, 2010 @08:08PM (#32998678)
    // max_int should be enough for anyone
    for(i = 0; i < max_int;i++){
      sleep(1);
      beat_heart();
    }

    // printf("hi!!!!!\n")
  • by BitZtream (692029) on Thursday July 22, 2010 @08:23PM (#32998752)

    Sure, go ahead, implant one in your chest.

    That'd be an awesome life. Knowing the device in your chest is buggy and will have 'updates' released every time the developer makes a commit to the revision control system. Knowing that your entire life depends on a guy who is doing it because he can shout 'OMG FOSS FOR LIFE FUCK THE MAN I'M SAVING THE WORLD'.

    Knowing your life depends on developers who only care about the code they write and how it fits their needs.

    You'll have 45 buttons on your pacemaker that let you control all the different ways you can stimulate and control your heart. Most of them will return 'not yet implemented', 3 of them will result in a core dump of pacemakerd, 10 of them a PANIC reboot, another 2 cause it to just go silent and halt, and the developer threw in an Easter egg that makes you piss your pants if you hear a penguin.

    If you're lucky, you'll get a group of devs that doesn't have 2 or 3 in it that throw temper tantrums on a semi-regular basis and threaten to fork it while not putting any effort into the project.

    And to top it ALL off, if you complain to anyone about it, the response you'll get is:

    You have the source, fix it yourself.

    Let me tell you how quick I would be to jump on that train. To tie my life to someone who really doesn't get affected in any way when his/her software kills me and has no real reason to put any effort into ensuring it doesn't.

    The OSS world still doesn't get why companies avoid OSS software, what the fuck makes you think anyone with a 3rd of a brain wants their life to depend on OSS.

    I use OSS constantly, there are some great accomplishments. Large portions of my life depend on OSS, but you will probably never find OSS in controlling anything that my actual life depends on.

    I prefer to live, not prove how awesome OSS isn't for every situation.

    OPEN SOURCE IS NOT INHERENTLY BETTER, STOP PRETENDING IT IS. You guys REALLY need some perspective. Or just stop letting timothy have access to post to the front page.

  • by segin (883667) <segin2005@gmail.com> on Thursday July 22, 2010 @09:11PM (#32999038) Homepage

    Oh, so because a few employees within a company (and maybe a closely related partner) have looked over the source, it's "peer reviewed"? Peer review means that EVERYONE can examine the source, including people you have never met nor have even heard their names. It means that people you absolutely hate can review your source, not just a few of your employees that have no qualms about lying and saying it's all good just to keep their jobs.

    In other words, your source code has had as much legitimate peer review as my dick has, and since I'm a Slashdotter, any claims of sexual activity on my part are instantly dubious by that simple fact alone.

  • by rcw-home (122017) on Thursday July 22, 2010 @09:19PM (#32999080)

    The amount of testing and verification that goes into these software categories often exceeds the development cost

    That puts the testing quality roughly somewhere between most video games and Windows.
