Slashdot Mirror

← Back to Stories (view on slashdot.org)

Free Software, a Matter of Life and Death

Posted by kdawson on from the serious-as-it-gets dept.

ChiefMonkeyGrinder writes "Software on medical implants is not open to scrutiny by regulatory bodies. Glyn Moody writes: 'Software with the ability to harm as well as help us in the physical world needs to be open to scrutiny to minimise safety issues. Medical devices may be the most extreme manifestation of this, but with the move of embedded software into planes, cars and other large and not-so-large devices with potentially lethal side-effects, the need to inspect software there too becomes increasingly urgent.' A new report 'Killed by Code: Software Transparency in Implantable Medical Devices' from the Software Freedom Law Center points out that, as patients grow more reliant on computerized devices, the dependability of software is a life-or-death issue. 'The need to address software vulnerability is especially pressing for Implantable Medical Devices, which are commonly used by millions of patients to treat chronic heart conditions, epilepsy, diabetes, obesity, and even depression.' Will making the source code free to scrutiny address the issue of faulty devices?"

15 of 197 comments (clear)

  1. I've got to say... by fuzzyfuzzyfungus · · Score: 4, Funny

    That the Pacemaker Genuine Advantage warning I got last week was a bit of a shock...

    1. Re:I've got to say... by Mongoose+Disciple · · Score: 5, Funny

      Blue Screen of Death, now with real death?

    2. Re:I've got to say... by fuzzyfuzzyfungus · · Score: 4, Funny

      Well, do you want your pacemaker to have intuitive manageability through Group Policies, or not?

    3. Re:I've got to say... by Mongoose+Disciple · · Score: 5, Funny

      Thanks!

      At least I didn't say it'd be the first killer app for the platform. Man, these jokes write themselves!

    4. Re:I've got to say... by Sponge+Bath · · Score: 4, Funny

      Roy: [answers phone] Hello, IT. Have you tried turning it off and on again?

    5. Re:I've got to say... by Monkeedude1212 · · Score: 3, Informative

      I wish we could up-vote comments ourselves, I'd give this a ++.

      We do. You just have to earn them, that's all. And once you earn them, you can waste them on as many +funny's as you want.

    6. Re:I've got to say... by camperdave · · Score: 4, Funny

      just think... somewhere out there is someone who is thinking it would be a great idea to run Windows Embedded in a pacemaker.

      Just think... Somewhere out there is someone who writes pacemaker software who is thinking "There are alternatives to Windows Embedded?"

      --
      When our name is on the back of your car, we're behind you all the way!
  2. Same article different day by guruevi · · Score: 4, Informative

    Dupe! This was covered a couple of days ago.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:Same article different day by fuzzyfuzzyfungus · · Score: 4, Funny

      Not to worry. Authentication dongles will be available in a variety of sizes, to make insertion endurable for all our users.

    2. Re:Same article different day by bws111 · · Score: 4, Informative

      http://hardware.slashdot.org/story/10/07/22/2346253/SFLC-Wants-To-Avoid-Death-by-Code?art_pos=46

    3. Re:Same article different day by kipd · · Score: 4, Informative

      Yes... No bugs, thoroughly tested: http://www.ccnr.org/fatal_dose.html

  3. Makes sense by MBGMorden · · Score: 4, Insightful

    To me, this is just common sense. This code doesn't necessarily have to be FL/OSS in my mind - let them keep the copyright, but it most definitely should have code available for public review. Would you be willing to take a new wonderdrug where the drug company won't tell anyone what's actually in it, but assures you that it'll work? If they must disclose the formula to their drugs, then they ought to be required to disclose the code to their software. Let existing laws like copyright ensure that no one else uses it.

    --
    "People who think they know everything are very annoying to those of us who do."-Mark Twain
  4. Re:Lots of tedious details by fuzzyfuzzyfungus · · Score: 3, Insightful

    I don't think that the notion is that all medical code is going to be written by happy-go-lucky FOSS volunteers, the notion is that people ought to be able to inspect the code that is going to becoming a part of their life-critical systems...

  5. The code is going to do you a whole lot of good .. by Ihlosi · · Score: 3, Interesting
    ... if you don't know the hardware it runs on and the external circuitry.

    Really. Finding security holes in software that runs on a plain vanilla PC is one thing, finding the cause of glitches in the nanosecond range on an embedded system is another thing entirely.

  6. Re:Double-edged sword by Hatta · · Score: 5, Insightful

    But do you want to risk everyone being able to reverse-engineer the protocol used for adjusting the settings for such a device?

    Yes. Security through obscurity is essentially no security at all. The only thing that should be secret is the private encryption key that is uniquely associated with the remote control, which should be under strict physical security at all times.

    What you say? There's no encryption implemented in these devices? That's a big problem whether the code is open or not.

    --
    Give me Classic Slashdot or give me death!