Slashdot Mirror


SFLC Wants To Avoid Death by Code

foregather writes "The Software Freedom Law Center has released some independent research on the safety of software close to our hearts: that inside of implantable medical devices like pacemakers and insulin pumps. It turns out that nobody is minding the store at the regulatory level and patients and doctors are blocked from examining the source code keeping them alive. From the article: 'The Food and Drug Administration (FDA) is responsible for evaluating the risks of new devices and monitoring the safety and efficacy of those currently on market. However, the agency is unlikely to scrutinize the software operating on devices during any phase of the regulatory process unless a model that has already been surgically implanted repeatedly malfunctions or is recalled. ... Despite the crucial importance of these devices and the absence of comprehensive federal oversight, medical device software is considered the exclusive property of its manufacturers, meaning neither patients nor their doctors are permitted to access their IMD's source code or test its security.'"

39 of 247 comments

  1. this is Surprising? by querky · · Score: 5, Insightful

    the software running your pacemaker is probably patented too!

    1. Re:this is Surprising? by JustinRLynn · · Score: 3, Insightful

      They tried to outlaw alcohol once.. look where it got them. Sometimes the cure is worse than the disease.

    2. Re:this is Surprising? by insertwackynamehere · · Score: 3, Insightful

      It really kills me when someone is all for marijuana being legalized but thinks that banning alcohol is the second greatest idea in their head. I know frustrated potheads love to feed the whole "alcohol is more dangerous than weed" line over and over, but not everyone who drinks alcohol does so in a way that threatens their health. Someone who smokes weed everyday and turns every conversation into a "weed should be legalized" conversation is a lot more unhealthy than someone who drinks alcohol in moderation.

    3. Re:this is Surprising? by Anonymous Coward · · Score: 4, Informative

      But thanks for the amateur psychoanalyzing, it was very humorous.

      Yeah, I guess a real psychoanalyst requires someone who...

      ...is a convicted burglar for multiple counts of grand larceny:

      I was a thief when I was teen-ager. Not a grab and run, bust a glass thief either. I was a break in, and steal everything you had in the house, and bust your safe if you had one.

      ...is a major douchebag:

      Eh, I got banned from the WoW forums on one account for calling the mods fucktard asshats who...well, you get the idea.

      ...is a douchebag AND a troll:

      Whoever modded the above post troll is a fucking idiot whose mother is a cocksucking whore on a Glasgow street corner. If you fail to recognize a legitimate question, maybe you need to get the dick out of your mouth and the dildo from your ass and learn to read. That's the problem with handing moderation points to just anyone on /. Fucking morons get them too.

      ...is a white supremacist:

      Niggers are different than me and need to be looked down upon, especially if the law prevents me from killing them on sight or at least putting them back in chains and out in the fields.

      ...is an attempted killer (thankfully only attempted):

      Convicted of 1 B&E, 1 Burglary, 1 Armed robbery, 1 assault with a deadly weapon inflicting serious injury with intent to kill, Violating the federal Firearms Licensing Act, Possession of Stolen Government property, and an explosives charge for the hand grenades.

      ...believes mentally ill people should be put down:

      If someone is a diagnosed pedophile, there is only one sure fired way to make sure they never do it again, a bullet through the head, or a more humane method if that is your preference.

      ...enjoys taking out his rage by beating up pedophiles while in prison:

      We'd beat them [the pedophiles] down, the guards would beat them down, and they would not stop, could not stop more likely.

      And the very best part is, this guy is a certified counselor! And he's PAID by your very own tax money!

      I work as as a SAC II (substance abuse counselor) for pay, part-time and also am doing my internship at the same location. It's free work IMNSHO. The only reason I put up with it is because as soon as I finish my MA and get my license, I go full time with about a 95% pay raise, plus state government benefits, and will be able to do private assessments and counseling on the side for about a grand a week.

      Hire your own stonewallred today! Limited offer! *Exclusions include non-whites, democratic party members, women, and educated persons.

      I feel so inspired and humbled.

    4. Re:this is Surprising? by TapeCutter · · Score: 3, Interesting

      Reproduced below are the statistics printed on my pack of smokes...

      Causes of death in Australia.
      Tobacco - 19,019
      Alcohol - 2,831
      Motor vehicle accidents - 1,731
      Illegal drugs - 863
      Murders - 203

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    5. Re:this is Surprising? by insertwackynamehere · · Score: 2, Insightful

      I dunno though, I don't wanna pass judgement but three or fewer drinks a day is really not that little. I think if you are having more than three drinks daily, you may have a problem. Sometimes at a party I'll have more than three drinks, but I don't party every night either. I also don't drink on a daily basis.

  2. So what by clarkkent09 · · Score: 5, Insightful

    Does a government agency examine the source code which keeps airliners in the air, cars on the road, nuclear plants from blowing up etc etc? If the government is going to evaluate and approve every important piece of code line by line we will pretty soon run out of programmers. But then, chip designs will have to be evaluated too because they can fail as well. Next, mechanical designs, engines, turbines, reactors, better make sure that the government is stocked with experts in all those fields too.

    After all, nothing can possibly be safe until it is certified as such by the government. Just ask hundreds of thousands of people who died while the drugs that could have saved them were waiting for the FDA approval. They are pretty safe now.

    --
    Negative moral value of force outweighs the positive value of good intentions.
    1. Re:So what by QuantumG · · Score: 4, Insightful

      I think you miss the point. You should be able to examine the code in the pacemaker inside you - or hire an expert to do so.

      --
      How we know is more important than what we know.
    2. Re:So what by wiredlogic · · Score: 4, Interesting

      In the case of avionics, there are rigorous design and testing standards for electronics, software, and mechanical hardware that are mandated by the FAA. Passing them is part of the certification process. This task can be handled in house or by third parties that specialize in that task. The medical industry should largely be applying the same principles.

      --
      I am becoming gerund, destroyer of verbs.
    3. Re:So what by PopeRatzo · · Score: 4, Insightful

      I don't think code-reviews by bureaucrats is a good option

      Of course not, but presumably the reviews would be done by programmers and analysts who would then report to the FDA.

      When a drug is evaluated for its safety and effectiveness, it's not "bureaucrats" that are doing the evaluation, it's doctors and pharmacologists and public health specialists.

      When you throw a word like "bureaucrats" around, you make it sound like some clerk from the DMV is going to be doing the evaluation.

      Yes, agencies like the FDA have become bureaucratic clusterfucks of non-progression and end up doing more damage than good.

      Only because the lobbyists who have become the ones writing the regulations prefer it that way. The answer is certainly not to "fix" the bureaucracy by making them even more ineffective. Anyone who tries to reduce the argument to "less government" is trying to do exactly that. I know that's not what you're doing, of course, but there are people who have been misled into believing that the solution to any problem is "less government". However, there are very few examples where deregulation has made a situation better for anyone but a very few.

      --
      You are welcome on my lawn.
    4. Re:So what by paeanblack · · Score: 4, Informative

      Hardware that is literally the only thing keeping you alive should be subject to some regulation. I don't think code-reviews by bureaucrats is a good option, but perhaps independent third parties would be a start.

      Given that basically all such devices have been reviewed by Underwriters Laboratories or an equivalent OSHA-recognized testing lab already, I don't see what needs to change.

      Despite all the flaws of the US tort system, it does provide a strong financial incentive for things like pacemakers to be designed robustly. And yes, the code also gets reviewed.

      It may surprise people, but the system being proposed is already in place and it works pretty well.

    5. Re:So what by Achra · · Score: 4, Informative

      In the case of avionics, there are rigorous design and testing standards for electronics, software, and mechanical hardware that are mandated by the FAA. Passing them is part of the certification process. This task can be handled in house or by third parties that specialize in that task. The medical industry should largely be applying the same principles.

      EXACTLY. First informed post I've read on this story. I've made a career out of working on medical devices of all levels of concern (yes, including a heart pump) and the V&V process is basically as the parent states. There is a fairly rigorous validation process which is performed on the device (over the course of months to years, depending on complexity of the product and level of concern). These things aren't exactly shuffled out the door like Microsoft shuffles out a new OS (yes, I've worked there too). There is a LOT of diligence involved in receiving 510k clearance on a new device.

      --
      Each processor would proceed sequentially as if it had been better for them not to rise against Saul.
    6. Re:So what by gurudyne · · Score: 4, Informative

      I've tested medical device software and I had to sign my name on forms over 5K times for just one version. This was just for the behavior and appearance of the localized GUI, not the pure functionality. Each test was recorded via video. The 90GB of video, 4GB of datasets, and the 220 pounds (100kg) of signed test forms were shipped at the end of the 6 week series.

      At the medical device customer's end, all of the tens of thousands of pages of signed and initialed test forms were scanned and burned to disks. They plan to hang on to these for about a century.

      Then, the forms are updated and reviewed, new languages and OS versions added and the cycle continues. Every step is reviewed and audited. We don't want the FDA asking 10 years from now if something was tested or considered for testing without giving defensible answers.

      The folks testing the functionality of the software had close to 100K of tests for each version of device software. (Different vendor, so I am going by what the device company told me.)

      We all reported to the same defect database, so we could be aware of progress and problems.

      Long hours, fun times.

      --
      Hey, Mom! Is it beer, yet?
  3. Stay away from Windows CE by Anonymous Coward · · Score: 4, Funny

    One of the July 2010 updates bluescreened my 81-year-old dad.

    The hospital backed out the update but they had to reboot him in safe mode and go up the back door.


  4. Same as in the pilot seat by chaim79 · · Score: 4, Informative

    I work for a company that does full life-cycle development and verification of safety-critical software; the main areas we work in are aircraft instrumentation, smart munitions, and medical equipment (including pacemakers). The amount of testing and verification that goes into these software categories often exceeds the development cost, and at every level it is documented and traced. What on earth do Doctors think they will see in the source code? We do verification, peer review, tracing, etc. What would an MD find that a room full of software, system, and QA engineers wouldn't? About the only thing that they would be able to look at and have a hope of understanding is the criteria for taking action, and that is in the requirements and should be reviewed at that level, not at the code level.

    Next thing they know Pilots will demand the ability to review the code for their cockpit management system and soldiers the ability to review the code for their Anti-Tank rockets!

    --
    DEMETRIUS: Villain, what hast thou done?
    AARON: Villain, I have done thy mother.
    Shakespeare invents 'your mom'
    1. Re:Same as in the pilot seat by segin · · Score: 3, Funny

      Oh, so because a few employees within a company (and maybe a closely related partner) have looked over the source, it's "peer reviewed"? Peer review means that EVERYONE can examine the source, including people you have never met nor have even heard their names. It means that people you absolutely hate can review your source, not just a few of your employees that have no qualms about lying and saying it's all good just to keep their jobs.

      In other words, your source code has had as much legitimate peer review as my dick has, and since I'm a Slashdotter, any claims of sexual activity on my part are instantly dubious by that simple fact alone.

    2. Re:Same as in the pilot seat by rcw-home · · Score: 2, Funny

      The amount of testing and verification that goes into these software categories often exceed the development cost

      That puts the testing quality roughly somewhere between most video games and Windows.

    3. Re:Same as in the pilot seat by Errol+backfiring · · Score: 2, Insightful

      What on earth do Doctors think they will see in the source code?

      That you did your job as you say you did. That something can go right and that laws were respected is no surprise to me. But I want to make sure that that is the case. You probably only see the cases that have good testing. I want to make sure my life does not depend on a device that was not tested adequately. I worked in both aviation and medical firms, and the security attitude of the medical world really scared the living daylights out of me.

      So no, I will not take adequate medical testing for granted. Especially when information technology is involved.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    4. Re:Same as in the pilot seat by StormReaver · · Score: 2, Insightful

      The amount of testing and verification that goes into these software categories often exceed the development cost...

      Then what's the harm in releasing the source code so those who are qualified to review it can do so?

      The most likely answer is: "to protect our proprietary secrets from competitors!"

      My response to that is, "what proprietary secrets?" If every company does the type of due-diligence you claim, then everyone in the field is already at the same level of competence and will not benefit from someone else's code. If not every company performs the same level of diligence, then that's all the more reason to have their code reviewed.

      The most likely reasons to fight having their code reviewed are arrogance and fear.

    5. Re:Same as in the pilot seat by chaim79 · · Score: 2, Insightful

      yah, you have no clue.

      If you were able to sit down and listen in to any of our peer reviews or look through our test cases and procedures you might get an understanding. We work on Safety Critical software, there are no 'qualms about lying', and just 'saying it's all good' will in fact cause you to lose your job and fast. We regularly work on DO-178B Level A projects, that's the kind of project where if something fails people will die. As it stands I doubt there is an airline in the USA that doesn't have some code we've either developed or reviewed. We lie on something and we have a good chance of being on the airplane that lie is going to affect. We also do a bunch of medical projects (pacemakers); one of our top managers made sure that when his father got a pacemaker it was one we worked on.

      Bottom line is we will not lie on safety critical software, to the degree where we have stopped working with customers that have repeatedly requested us to lie to get a project done in time or under budget. Their business wasn't worth our reputation or people's lives.

      --
      DEMETRIUS: Villain, what hast thou done?
      AARON: Villain, I have done thy mother.
      Shakespeare invents 'your mom'
  5. Re:Why? by julesh · · Score: 2, Insightful

    Even more so how many doctors or patients are going to have the knowledge to "examine the source code" and tell whether it is working properly?

    It only takes one or two to achieve useful results.

  6. Re:Why? by julesh · · Score: 3, Interesting

    The devices themselves are rigorously tested in clinical trials. If they pass those tests, what more do you want?

    Software errors can (and in fact are most likely to) result in pathological behaviour in unusual circumstances. Example. "The failure only occurred when a particular nonstandard sequence of keystrokes was entered on the VT-100 terminal which controlled the PDP-11 computer: an "X" to (erroneously) select 25MV photon mode followed by "cursor up", "E" to (correctly) select 25 MeV Electron mode, then "Enter", all within eight seconds. This sequence of keystrokes was improbable, and so the problem did not occur very often [i.e. not in any clinical trials] and went unnoticed for a long time." An independent source-code audit could have saved three lives in that case.
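
The keystroke sequence quoted above is the kind of interleaving a clinical trial never exercises but a systematic review can enumerate. As an added illustration (not part of the original post, and not Therac-25's actual code), the following constructed toy model has an operator editing a treatment mode while a separate setup task latches the mode into hardware; it brute-forces every schedule of the setup task against the four-step edit sequence and counts the schedules in which the latched mode disagrees with the mode on the screen. The `fixed` variant, in which re-opening a field invalidates the earlier setup, is an assumption made for the example:

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy model (not Therac-25's real code): an operator edits a
 * treatment mode while a separate setup task latches the mode into
 * hardware. Every schedule of the setup task is enumerated against the
 * four-keystroke edit sequence quoted in the post. */

enum mode { NONE, XRAY, ELECTRON };
enum key  { SET_X, CURSOR_UP, SET_E, ENTER };

struct model {
    enum mode screen;     /* mode shown on the console */
    enum mode hw;         /* mode latched into the hardware */
    bool entry_complete;  /* data-entry phase marked finished */
    bool latched;         /* setup task has already run */
};

static void operator_step(struct model *m, enum key k, bool fixed)
{
    switch (k) {
    case SET_X: m->screen = XRAY;     m->entry_complete = true; break;
    case SET_E: m->screen = ELECTRON; m->entry_complete = true; break;
    case ENTER: m->entry_complete = true; break;
    case CURSOR_UP:
        /* Buggy design: moving back to re-edit a field leaves
         * entry_complete and latched untouched. Fixed design (assumed
         * for this example): re-opening a field invalidates the setup. */
        if (fixed) { m->entry_complete = false; m->latched = false; }
        break;
    }
}

/* Setup task: latches the on-screen mode once data entry is complete. */
static void setup_task(struct model *m)
{
    if (m->entry_complete && !m->latched) {
        m->hw = m->screen;
        m->latched = true;
    }
}

/* Returns the number of schedules (out of 32) in which the hardware ends
 * up latched to a mode different from the one shown on the screen. The
 * setup task may or may not run in each of the five gaps around the
 * four operator steps, giving 2^5 schedules. */
int count_inconsistent_schedules(bool fixed)
{
    static const enum key seq[4] = { SET_X, CURSOR_UP, SET_E, ENTER };
    int bad = 0;
    for (unsigned sched = 0; sched < 32; sched++) {
        struct model m = { NONE, NONE, false, false };
        for (int gap = 0; gap < 5; gap++) {
            if (sched & (1u << gap)) setup_task(&m);   /* setup runs in this gap? */
            if (gap < 4) operator_step(&m, seq[gap], fixed);
        }
        if (m.latched && m.hw != m.screen) bad++;
    }
    return bad;
}

int main(void)
{
    printf("buggy design: %d/32 schedules end inconsistent\n",
           count_inconsistent_schedules(false));
    printf("fixed design: %d/32 schedules end inconsistent\n",
           count_inconsistent_schedules(true));
    return 0;
}
```

The buggy design fails in every schedule where the setup task happens to run between the first mode entry and the corrected one; a trial that only ever types the form in order never hits those schedules, while the exhaustive enumeration finds them immediately.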

  7. Re:Why? by mirix · · Score: 3, Insightful

    I'm sure Therac-25 passed some sort of trials too. That didn't stop it from killing people, of course.

    --
    Sent from my PDP-11
  8. Re:Why? by Spiked_Three · · Score: 2, Insightful

    Really? Let's hear your prosecution for a case of murder by hacking an implantable device? Even if someone was smart enough to look into the device to see it had been hacked, there would be no evidence of who did it. Pick an important enough target, ie Dick Cheney, and you have a perfect untraceable murder.

    --
    slashdot troll = you make a compelling argument I do not like the implications of.
  9. Re:HeartHacks by JustOK · · Score: 2, Insightful

    OSX: soon to be ad supported, will only beat during approved activities, phones home with details about your liver.

    --
    rewriting history since 2109
  10. Re:HeartHacks by JamesP · · Score: 2, Insightful

    No

    With the exception of ATMs (and some radar guns) I wouldn't even bother with an OS

    And that's GOOD. I DON'T want anything more complex than a couple (ok, 100) of lines of code in my pacemaker, thank you very much

    It doesn't NEED to be more complex than that, and it SHOULDN'T

    --
    how long until /. fixes commenting on Chrome?
  11. Re:Why? by Shinobi · · Score: 2, Insightful

    A source code audit would not necessarily have found it. Like with so many other obscure faults, most likely, you'd have to go through a full trial and error on an actually running system, since you do not always know beforehand if the error is introduced by the specific source code, the compiler or anything else.

  12. Huh? by jmactacular · · Score: 2, Insightful

    "patients and doctors are blocked from examining the source code"

    huh? are either qualified to do so?

  13. Not just government by weston · · Score: 2, Interesting

    Does a government agency examine...

    How about the other entities mentioned in the summary (let alone TFA) -- patients and, more importantly, *doctors*? If not them -- who should review them?

    After all, nothing can possibly be safe until it is certified as such by the government. Just ask hundreds of thousands of people who died while the drugs that could have saved them were waiting for the FDA approval. They are pretty safe now.

    FDA approval works roughly about as well as "self-regulation" works, since the FDA more or less reviews studies provided by the industry.

    Though it's worth noting this is probably at the upper bound of effectiveness of self-regulation, since under the FDA they're actually required to submit something that can convincingly pass for a study in order to receive approval.

  14. Someone needs to write a country music song.... by coastal984 · · Score: 2, Funny

    ....with the line "She hacked into my heart and crashed me."

  15. Proprietary pacemaker code excerpt by turing_m · · Score: 4, Funny

    // max_int should be enough for anyone
    for (i = 0; i < max_int; i++) {
      sleep(1);
      beat_heart();
    }

    // printf("hi!!!!!\n")

    --
    If I have seen further it is by stealing the Intellectual Property of giants.
  16. How are you alive? by zooblethorpe · · Score: 4, Informative

    I'm not trolling or flaming at all here, I'm genuinely surprised.

    about a pint to a quart of everclear a night

    By my quick-and-dirty calculations:

    1. 1 qt = 946 ml
    2. @ 95% ABV = around 900 ml of pure alcohol (898.7 ml)
    3. 12 oz (bottle of beer) = 355 ml
    4. @ 5% ABV = around 18 ml of pure alcohol (17.744 ml)
    5. 1 qt everclear = 50 12-oz bottles of beer
    6. 1 pt everclear = 25 12-oz bottles of beer

    I tend to feel rough after four or five beers. How is it you're drinking five to ten times that *a night* and still around to talk about it lucidly? I'd expect some serious delirium tremens in short order on that track...

    Curious,

    --
    "What in the name of Fats Waller is that?"
    "A four-foot prune."
    1. Re:How are you alive? by CraftyJack · · Score: 4, Insightful

      in college working towards a MA, aiming towards being a LPC or LSW specializing in substance abuse treatment

      been drinking since I was 14 or so, am now 41.

      I start around 3pm, give or take a little and go until I go to bed, which in many cases is not until 1 or 2am.

      I'm sorry, but I simply can't take you seriously. You're either stretching the truth, or you are a 41 year old student that spends nearly half his day drinking. Either way, you're not credible.

  17. Re:Open Source pacemakers by matria · · Score: 2, Insightful

    Or maybe you might learn what "open source" is. It is not necessarily free. It is not necessarily part-time. It merely means that the source code is available. Such a long bout of rabid typing for such a small amount of understanding.

  18. Re:Why? by vux984 · · Score: 4, Insightful

    An independent source-code audit could have saved three lives in that case.

    =Could have= saved 3 lives.

    Would have cost 10s of thousands? millions?

    Pretty much every time someone on the planet dies of accidental causes there is some procedure or process that "could" have saved them.

    Life just isn't that safe. And I'd rather not spend every dime of the gdp trying to make it as safe as possible.

    When people die it's tragic. If it's something simple to fix, we fix it. But let's not lay a guilt trip down every time anybody dies. Life is dangerous and it wouldn't be worth living if we made it safe, because the only way it will ever be safe is if we lock everyone up in straitjackets in padded rooms.

  19. Re:Why? by demonlapin · · Score: 3, Insightful

    Most of these devices don't spend all that long on the market. They keep getting better, having new features and lower power consumption. Proving the code would slow the pace of advancement. Irony of medical advances: an imperfect device that kills a few people may in fact be (from a public-health POV) better than a perfect device that takes an additional two years to develop.

  20. Re:Reliability certification is needed by htdrifter · · Score: 2, Interesting

    The FDA requirements on software are strict. There are requirements for coding practices, testing, QA, etc. Inspectors show up, without notice, to check for compliance.
    The code reviews are very thorough and require a manager and at least two other programmers.
    All code has to be instrumented and scripts written to force execution of all code.
    The output traces from instrumentation have to be fully documented. Everything that happens is documented.

    They require the source code with all changes documented, test scripts, fully documented code instrumentation output, full QA test documentation, etc. All these things must be signed by the programmer, reviewers and managers.

    All this goes to the FDA along with a system for testing. They review the code, test the system and call with questions.
    The FDA is interested in suggestions on improvements to the process.

    That process adds a lot to the development time and cost for a project.
    It can't guarantee perfection but they take a very good shot at it.
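
As an added example of the instrumentation-and-scripts discipline described above (this is constructed for illustration and is not any vendor's code or the FDA's own tooling), the following C puts a coverage probe on every branch of a hypothetical settings-validation routine and runs two test scripts against it. The probe table reports which branches a script never executed, which is exactly the evidence a reviewer would ask for. The `validate_settings` routine and its limits are invented for the example:

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: each branch of the function under test carries a
 * coverage probe; a test script is only adequate when no probe is unhit.
 * The validation routine and its limits are invented for illustration. */

enum { PROBE_COUNT = 6 };
static const char *probe_name[PROBE_COUNT] = {
    "rate_below_min", "rate_above_max", "rate_in_range",
    "amp_below_min",  "amp_above_max",  "amp_in_range"
};
static unsigned probe_hits[PROBE_COUNT];

#define PROBE(id) (probe_hits[(id)]++)   /* instrumentation point */

enum { RATE_MIN = 30, RATE_MAX = 180, AMP_MIN_UV = 500, AMP_MAX_UV = 7500 };

/* Hypothetical parameter check: returns 0 if accepted, else an error
 * bitmask (1 = rate out of range, 2 = amplitude out of range). */
int validate_settings(int rate_bpm, int amplitude_uv)
{
    int err = 0;
    if (rate_bpm < RATE_MIN)            { PROBE(0); err |= 1; }
    else if (rate_bpm > RATE_MAX)       { PROBE(1); err |= 1; }
    else                                { PROBE(2); }
    if (amplitude_uv < AMP_MIN_UV)      { PROBE(3); err |= 2; }
    else if (amplitude_uv > AMP_MAX_UV) { PROBE(4); err |= 2; }
    else                                { PROBE(5); }
    return err;
}

struct script_step { int rate; int amp; int expected; };

/* Run a test script. Returns the number of probes never hit and writes
 * the number of steps whose result differed from the expected value. */
int run_script(const struct script_step *steps, int n, int *mismatches)
{
    memset(probe_hits, 0, sizeof probe_hits);
    *mismatches = 0;
    for (int i = 0; i < n; i++)
        if (validate_settings(steps[i].rate, steps[i].amp) != steps[i].expected)
            (*mismatches)++;
    int unhit = 0;
    for (int p = 0; p < PROBE_COUNT; p++)
        if (probe_hits[p] == 0) { unhit++; printf("UNHIT: %s\n", probe_name[p]); }
    return unhit;
}

/* Constructed "happy path" script: never exercises the rejection branches. */
static const struct script_step happy_path[] = { {60, 2500, 0}, {120, 5000, 0} };

/* Constructed complete script: forces every branch at least once. */
static const struct script_step full_script[] = {
    {60, 2500, 0}, {10, 2500, 1}, {200, 2500, 1}, {60, 100, 2}, {60, 9000, 2}
};

int happy_path_unhit(void) { int m; return run_script(happy_path, 2, &m); }
int full_script_unhit(void)  { int m; return run_script(full_script, 5, &m); }

int main(void)
{
    printf("happy path: %d probes unhit\n", happy_path_unhit());
    printf("full script: %d probes unhit\n", full_script_unhit());
    return 0;
}
```

The happy-path script leaves four of the six probes unhit, so it would not be accepted as complete; the second script drives every branch and produces the traces the post says must be documented.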

  21. NEVADA GAMING COMMISSION has the code to slots gam by Joe+The+Dragon · · Score: 4, Interesting

    NEVADA GAMING COMMISSION has the code to slots games so why can't the FDA get the code to med systems?

  22. Re:HeartHacks by demonlapin · · Score: 2, Informative

    It needs to be a great deal more complex if you want to do something more than just be alive.

    Adaptable rates? You'll need a motion-detection routine in order to speed the heart up so that people can enjoy even the mildest exercise.

    Pacing only when needed, not when it's not? You'll need more code to identify when a beat has occurred within the correct time interval.

    How about automatic defibrillators? Those are the devices that will shock a heart back into a normal rhythm, which is far more than a regular pacemaker can do; of course, in order to do that, they have to be able to analyze an EKG in real time and get it right - and that takes code.
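
As an added illustration of the two features described above (rate adaptation from an activity signal, and pacing only when no intrinsic beat arrives within the escape interval), the following constructed C simulation is not any manufacturer's firmware; the base and maximum rates, the linear activity-to-rate mapping and the 1 ms simulation step are assumptions made for the example:

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed illustration (not any manufacturer's firmware): a demand
 * pacer that derives a target rate from an activity level and emits a
 * pacing pulse only if no intrinsic beat was sensed within the escape
 * interval. All numbers are illustrative assumptions. */

enum { BASE_RATE_BPM = 60, MAX_RATE_BPM = 120 };

/* Rate response: activity 0..100 maps linearly from base to max rate. */
int target_rate_bpm(int activity)
{
    if (activity < 0)   activity = 0;
    if (activity > 100) activity = 100;
    return BASE_RATE_BPM + (MAX_RATE_BPM - BASE_RATE_BPM) * activity / 100;
}

/* Escape interval: the longest gap tolerated before a pulse is delivered. */
int escape_interval_ms(int activity) { return 60000 / target_rate_bpm(activity); }

/* Simulate duration_ms in 1 ms steps. sensed[] holds ascending timestamps
 * (>= 1) of intrinsic beats. Returns the number of pacing pulses and
 * optionally writes their times into out[] (at most out_cap entries). */
int simulate(const int *sensed, int n_sensed, int activity, int duration_ms,
             int *out, int out_cap)
{
    int interval = escape_interval_ms(activity);
    int last_event_ms = 0;   /* time of the last sensed or paced beat */
    int pulses = 0, si = 0;
    for (int t = 1; t <= duration_ms; t++) {
        if (si < n_sensed && sensed[si] == t) {   /* intrinsic beat: inhibit */
            last_event_ms = t;
            si++;
            continue;
        }
        if (t - last_event_ms >= interval) {      /* interval elapsed: pace */
            if (pulses < out_cap) out[pulses] = t;
            pulses++;
            last_event_ms = t;
        }
    }
    return pulses;
}

/* Constructed scenarios. A: intrinsic rhythm at 75 bpm while resting. */
int pulses_intrinsic_75bpm(void)
{
    static const int beats[] = { 800, 1600, 2400, 3200 };
    return simulate(beats, 4, 0, 4000, NULL, 0);
}
/* B: no intrinsic beats for 4 s at rest: a pulse every 1000 ms. */
int pulses_no_intrinsic(void) { return simulate(NULL, 0, 0, 4000, NULL, 0); }
/* C: one beat at 900 ms, then a pause until 2500 ms: one rescue pulse. */
int pulses_dropped_beat(void)
{
    static const int beats[] = { 900, 2500 };
    return simulate(beats, 2, 0, 3000, NULL, 0);
}
/* D: full activity (120 bpm target), a single beat at 800 ms over 2 s. */
int pulses_exercising(void)
{
    static const int beats[] = { 800 };
    return simulate(beats, 1, 100, 2000, NULL, 0);
}

int main(void)
{
    printf("A intrinsic 75 bpm: %d pulses\n", pulses_intrinsic_75bpm());
    printf("B no intrinsic:     %d pulses\n", pulses_no_intrinsic());
    printf("C dropped beat:     %d pulses\n", pulses_dropped_beat());
    printf("D exercising:       %d pulses\n", pulses_exercising());
    return 0;
}
```

Even this minimal model already has the timing-sensitive decisions the post refers to: a sensing error of a few milliseconds around the escape interval changes whether a pulse is delivered, which is the sort of behaviour that needs the kind of exhaustive testing the other posters describe.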