Some time ago, Karen Sandler was diagnosed with hypertrophic cardiomyopathy, a medical condition in which the heart muscle thickens, greatly increasing the chances of sudden death. A defibrillator implant was recommended. Of rightful curiosity, Karen asked what software ran the implant, and if she could have a look at its source code before entrusting her life to a gamble on its quality. After many a confused look, much finger pointing and buck passing, the buck landed back on her, and the cat was let out of the bag.
Medical devices are approved by the Food and Drug Administration (FDA), which never reviews source code unless the administration has a sense that there might be a problem with the device. Instead, it relies on the self-appraised reports published by the device manufacturer or the software vendor. Beside a general guideline as to format, there are no specific requirements mandated by the FDA about what these reports must contain.
The rationale behind this approach is that, each device being different, the FDA worries that if they mandate specific requirements, they might miss something important. And because they do not understand the intricacies of each device as well as the manufacturer does, it makes more sense for the manufacture to determine what tests to perform to validate the quality, correctness and accuracy of the device.
We all know that software has bugs. The Software Engineering Institute (SEI) estimates one bug for every onehundred lines of code. How many lines of code would a typical device have, and thus how many bugs? Research indicates that 98% of the recalls the FDA made on these devices due to software failures could have been corrected simply by all-pairs testing. This lack of transparent testing costs lives, and there is little or no legal recourse.
Karen’s message is simple. The way we use software has changed. From the early days of using it only for simple tasks such as word processing, today software use permeates every aspect of our lives. We need the freedom to be able to inspect it and put it under the scrutiny of an open eye; especially for something as critical as life-saving technology. In sharp, clear tones, Karen tells her story, presenting a new and refreshing perspective on the importance of freedom and open source software