  2. 2

    I watched this talk at SeaGL 2014. Really sad and incredible. I came away with the strong belief that the GPL as an ideology is a vital good for our society.

    1. 1

      @JordiGH looks interesting - any chance of a quick summary?

      1. 9

        tl;dw: she has a defibrillator in her body, couldn’t get the source code for it, not even when offering to sign an NDA. Most people thought she was crazy or ignored her or had no idea or thought she was trying to trick them because she’s a lawyer. The FDA has no infrastructure in place for source code at all. It’s like nobody is aware that source code for medical devices exists. Yet, we have demonstrations of all of these devices getting pwned, and it’s already shocked her three times incorrectly (“calibration errors”, they said). This is proprietary software literally putting her life at risk. And if she needs a replacement because the company who made the vendor goes out of business, or she needs any kind of help, she more or less needs another surgery.

        She then goes on to make comparisons to cars or to “phones” (pocket computers) and how it’s a matter of security to have source code for them.

        As I was watching this, I was reminded of how shocked I was too when I learned how little the FDA understands about software development when I worked at a medical imaging company. They have all of this bullshit paperwork in place to make it look like software is tested without actually doing any actual testing.

        The actual presentation is only around 30 min long, the last 15 min are Q&A.

        1. 3

          Hah, having gotten something through the FDA in record time for a software project (with a brilliant team and a great compliance officer), here are some things I really wish they’d do:

          • Have official recognition in place for non-waterfall methodologies (which is basically any other methodology).
          • Have the goddamned standards free and publicly viewable on their website. Instead, they say things like “Go follow AAMI standard and pay for it”. And, they don’t actually have their own criteria…they just want you to show what else you used.
          • Require open-source for projects that are used for controlling devices or archiving data. Medical equipment must be provided with a manual for repairs and maintenance by skilled personnel even after the manufacturer is gone, software should be the same.
          • Require documentation of all externally-accessible interfaces, and unit tests for same to ensure proper interoperability.

          This would at least bring them into the bronze age.