Friday, May 11, 2012

Is an open-source pacemaker safer than closed-source?

Richard Stallman recently collapsed; he’s OK.  But it did of course get attention in the programming world.

For those not in the know, Richard - rms - is the leading light in the Free software movement (Free as in ownership, not free as in no-cost) and he really divides programmers into the camps - the minority who follow, the majority who admire without trying to understand, and the vocal minority dead against him.

Now him collapsing raises an interesting question: if he needed a medical device that wasn’t running Free software, would he use it?

He answered a similar question once:

22. two_front_teeth: Suppose your doctor told you that you needed a medical procedure to survive but that the procedure would require inserting a device inside of your body which ran proprietary software. Would you be willing to have the procedure done to save your life?

RMS: The only way I could justify this is if I began developing a free replacement for that very program. It is ok to use a nonfree program for the purpose of developing its free replacement. [source]

The principle is really about Freedom; safety is just a sideline here.  But I wondered, would a Free-software device be any safer?  I think the answer is yes and here’s why:

The manufacturer makes, say, a pacemaker and releases the software as open-source. 

Obviously at this exact point in time they release it we have a pacemaker as safe as if they hadn’t released the code too.

the attacker

Now that the code is public there’s a risk that the attacker can more easily find bugs in the device and attack users of it.

Closed source devices have never stopped attackers before, even in medical implants (again and more); its security through obscurity.

the bugs

Of more concern is straightforward bugs in the software:

From 1997 to 2003, at least 212 deaths resulted from defects in five different brands of defibrillators. [via]

Update: this post prompted this comment on proggit:

I recently had to review code running on an FDA approved class 2b device. It was terrifyingly bad and I discovered several easily triggered bugs from simply reading over the code. I think transparency should be absolutely required for medical systems.

Acceptance testing, at least for class 2 devices, is very shallow. If the device I worked with is any indicator for the overall trend, I am terrified of having my life depend on proprietary code.

And of course the infamous Therac-25 malfunctions.

the defense

But who else is interested in looking at that code and understanding it?  Users of the pacemaker who are also programmers, and the doctors who prescribe them.

There are a lot of programmers who have pacemakers or have loved-ones with pacemakers.  They have a very real motivation to look at it.

And there are plenty of doctors who are competent programmers and have the right mindset too.

There might even be programming doctors who have pacemakers.

I think that open-source pacemakers would quickly get valid improvements and bug fixes and stabilize.

I think all users of pacemakers would benefit.

Notes

  1. randomlyhaphazard reblogged this from williamedwardscoder and added:
    tl;dr YES
  2. c0d3 reblogged this from williamedwardscoder
  3. c0d3 said: So I posted this on Reddit and there is some great discussion around the idea. I didn’t expect some of the replies, but I am all for opening medical software up for review. I would trust an open source pacemaker before some of the stuff I have seen.
  4. thekaycee reblogged this from wildcat2030 and added:
    As someone who has an ICD…I’m all for open source pacemakers. The article’s right, pacemakers and other medical devices...
  5. wildcat2030 reblogged this from williamedwardscoder
  6. williamedwardscoder posted this

 ↓ click the "share" button below!