by wkdown 2538 days ago
Open source medical devices! Is this a first? There is potential for some genuine health concerns where QA and security are involved.
5 comments

No, there was a story here about DIY CPAP about a month ago. None of this is new though efforts do appear to be gaining momentum.

What is new is that the tools and technology (think dirt-cheap microcontrollers that you can easily (re)program, 3D printers etc) are getting to the point where it's becoming more realistic for more people to be successful with less effort/risk along with a means (i.e. the web) for people to collaborate and share information.

That said: yeah, one better do their homework as they are definitely taking their own health (or even life) into their hands.

Not that post, but a similar one: https://news.ycombinator.com/item?id=18461754 .
https://www.usatoday.com/story/tech/2019/06/05/diabetics-for... People have been hacking their own poorly-secured insulin devices for a while now. It's better to have this done out in the open instead of pushing it underground with legal threats.
QA and Security for the patient? Difficult topic. Medical devices are expensive because they are released to a regulated market. You spent 1 day developing, 1 day testing and 5 days documenting. So an unregulated but well-maintained open source product, which spent 2 days in testing, has better quality but cannot show it to the authorities.

The key is: "Well Maintained". For this insulin closed loop community, I bet they are. They bet their own life on it.

> You spent 1 day developing, 1 day testing and 5 days documenting.
Fwiw, that is not accurate. Or at least, not if you are doing it right.
What is intrinsic in closed source products that makes them less concerning? Could a financially backed open source device have equal quality, safety and review?
There is no fundamental reason, the tricky part is (as always) cost and expertise.

For all the issues in medical device engineering, the bar is higher than most people (particularly in software industry) have worked in. Obviously there are other areas too (e.g. aerospace), with similar or higher bars.

Your project will benefit by finding people with experience in hazard analysis and risk mitigation, testing, SDLC management etc. They either have to be motivated to do this on their own or paid, or a mix. Hopefully you'll find people familiar with ISO13489, IEC60601, IEC62304, etc. - not because you'll want to audit to these standards, but because the people will also be familiar with what's needed.

Basically, to have the quality where you want it to be, you need to do the work. The flexibility of such a system is great, but in terms of verification and validation, the amount of work could become exponential with the configurability - so you are probably going to want to concentrate on some specific configurations pretty rigorously and encourage them for "real" use.

Systems, particularly safety-critical systems, are tested in specific configurations (inputs, users, integrations).

If you change the configuration, you encounter the possibility of finding new bugs. When someone's life is tethered to the device, this will make engineers (and lawyers) properly twitchy.

For a perfect example of this, have a look at the Ariane 5 [1]. Existing software was used in a new configuration and when it encountered an untested condition the software crashed, resulting in the rocket self-destructing.

Now, consider, you're adding Bluetooth to a safety critical device - this is a protocol stack where people can't get their phone to connect to their car, and my Android phone occasionally needs to be rebooted before it will connect to my headphones.

[1] https://en.wikipedia.org/wiki/Cluster_(spacecraft)#Launch_fa...

Just the usual FUD combined with a generic comment that only makes vague assertions. It's really just nonsense.
Medical company IP lawyers are foaming at the teeth waiting to pounce...."how dare you provide an alternative to our exorbitant prices?!?"
DRM offers many bugs for an optional feature. I think they realized that the product testing requirements for DRM are so onerous that they'll never be willing to comply. Theoretical example:

"The patient died when the hospital was locked out of the pacemaker due to a bug in the license code parser in the patient's device."

You still need to have security for remote control safety, but a device maker cannot afford even a single bug in the "I have my hands physically on the device and I require access" pathway, or else deaths will eventually occur.

My understanding is that they are partnering with those companies. For instance, Medtronic produces the 670g, the commercial closed loop system (what I have)