Source code inspection related article (previously posted to NHSHD)
Lawyer Karen Sandler's heart condition means she needs a pacemaker
to ward off sudden death. Instead of trusting that the vendor will
create a flawless platform for the device to operate, Sandler has demanded to see the device's source code. (via slashdot.) Alternative cultural reference... did anyone watch Elementary S01E21
"A Landmark Story" in which a pacemaker is hacked to deliver a fatal electric shock? Or how about this story:
Insulin pump hack delivers fatal dosage over the air.
DSCN14 makes it the responsibility of the developer/vendor bringing
software to market to have appropriate systems/processes in place to
ensure quality and clinical safety. DSCN 18 asks the healthcare purchaser to conduct
a risk assessment when adopting / implementing such software. Code
review under NDA / escrow could be part of the acceptance process. So
the code does not have to be open for an appropriate review to have
taken place. The DSCNs don't enforce any particular process on anyone
either. EU MMD legisation categorises software as medical device into different risk bands. The lowest risk category (into which the
apps.nhs.net offering seems to all fall into) is self certification of compliance with legislation. You all know this of course from the recent discussion on this list about EU MMD and the presentation I shared from the MHRA....
With the apps in the store being mainly advice and guidance apps at this time, I'm pretty happy with the review and acceptance process as the team are addressing the quality of content issues appropriately. The biggest weakness in many health apps being the quality of the content... as your friend Jeremy Wyatt has pointed out a few times (e.g. here
http://j.mp/10MPicO )
As for 'many of the best exploits' - this is a wholly arbitrary count of a wholly personal categorization of any exploit I've seen. Current favs include the Debian SSH / SSL bug (
http://j.mp/15XK4Uz) and another similar that I can't seem to find right now (damm you google!)