Industrial Strength Open Source Code?
dnnrly asks: "I work for a company that writes software for the pharmaceutical industry. We have to work in quite a tight regulatory environment because some of our code ends up in the process of drug testing. Seeing as the FDA are quite picky about making sure that there can be no errors in testing new drugs, our clients have strict rules that we must follow for coding. We have to review all of the code that is written, making sure that everything is traceable to a design specification. Where we use 3rd party software/code we have to make sure that it comes from an ISO9000 source. This is a bit of a problem when we would like to use open source stuff in our code. Projects like log4net and NUnit would be tremendously useful in our code but we're not allowed to use them because they don't tick the right boxes. Now, *I* know that these projects (and others) are incredibly stable just because of the volume of use that they have seen but that isn't enough for some people. How can we certify such software?"
Simply import it into your own code base, and then review it as if it was written internally. Basically, learn it inside out, as if you wrote it yourself. If that is not legally sufficient, then the laws need to be rewritten, since the lines they would be attempting to delineate would at this point be completely imaginary. It doesn't matter whose head it originates from; what matters is that it is fully reviewed and completely understood to the point where everyone on your team is prepared to stand behind the entire body of code. If that confidence comes from actual understanding, it becomes irrelevant who wrote the code in the first place. How would it be any different if, instead, it was code written by somebody who no longer works at the company?
...
ISO 9000 is a documentation process, not a quality process. People don't seem to get that, and the marketing spin around it for years has not exactly made that very clear.
One of the engineers at work keeps a photograph of the Firestone plant that produced all the deadly, defective tires for Ford.
The photo shows clearly:
- The plant was shut down and closed.
- The plant has a large "ISO 9000 Certified" sign on the entrance sign.
ISO 9000 just means that you documented your procedures and you can verify and prove that you followed them. It does not tell you whether or not they're smart, safe, profitable, or anything else about your business.
In other words: ISO 9000 forces a company to document what they're doing, but can't save the idiots from doing the wrong things.
+++OK ATH