Would you put this in a medical device? |
In the real world, designers of medical devices and other critical systems have to create products that are both safe and functional. They also have to satisfy time-to-market pressures: A safe system is no good to anyone if you take too long to build it.
To cut development time, manufacturers in many industries use commercial off-the-shelf (COTS) software in their products. But medical manufacturers have been reluctant to follow suit. They worry that COTS means SOUP — software of uncertain provenance. And SOUP can make a mess of safety claims, not to mention approvals by the FDA and other agencies.
Or perhaps not. When it comes to SOUP, my colleague Chris Hobbs argues for a nuanced approach. He states that if manufacturers distinguish between opaque SOUP (which should be avoided) and clear SOUP (for which source code, fault histories, and long in-use histories are available), they will discover that COTS software is, in many cases, the optimal choice for safety-related medical devices.
Chris isn't a lone voice crying in the wilderness. He notes, for example, that IEC 62304, which is becoming the de facto standard for medical software life-cycle processes, assumes manufacturers will use SOUP.
Enough from me. Check out this three-part video in which Chris explores the ingredients that can make SOUP the right choice for a medical software design:
Part 1
Part 2
Part 3
Webinar alert
Yesterday, Chris and his colleague Justin Moon presented a webinar on this very topic. If you missed it, no worries: It should soon be available for download through the QNX webinar page.
Good post. I thought you might also be interested in these two assets on Software of Unknown Pedigree http://www.veracode.com/security/software-of-unknown-pedigree and http://www.veracode.com/blog/2013/01/global-enterprises-serve-up-risky-s-o-u-p-infographic/
ReplyDeleteLove the graphics. I assume this solution is more focused on IT systems than on medical devices, yes?
ReplyDelete