by daveguy 3557 days ago
Yes. And they are required by the FDA:

http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidanc...

Therac-25 is an example of what can happen when medical devices are not held to a high standard:

https://en.wikipedia.org/wiki/Therac-25


That document is guidance. In it they suggest static analysis and formal methods, but they do not require them. You might get asked questions during a 510k if you don't explicitly call them out, though.

Therac-25 is actually an example of how a bad risk analysis and lack of appropriate mitigations for the level of concern can lead to patient injury or death. The design of the device meant that a single-fault condition in software could create a hazardous situation for the patient. When they revised the design for software control they removed a hardware mitigation.

I feel like "engineer overconfidence" is actually laziness.

Any time I've felt inclined to say it's fine, it wasn't overconfidence. It was laziness to go through the whole process of re-validating something.

This seems like an embarrassing admission, but it was part of me learning how to be a programmer. The rookie me wanted to cut corners.