[dmytroi]

100% agree for "read only" software, like scanning, diagnostics, etc.

Control software is much more involved topic, let me illustrate it with a scenario: one family member is non-techy but has an insulin pump, another family member is techy and likes to hack around, they made a change to the insulin pump software to "improve it", but by accident the change triggered insulin overdose at night during sleep and family member died. We have rules and regulations not just to have rules and regulations, we have rules and regulations because they are written in blood.

While advocating for ability to freely modifying any life dependant control software is a noble goal, in my opinion it's the wrong end to approach it, instead it would be more constructive if we as computer science industry figure out ways how to make software such as we don't kill people, how to "certify" it in self service fashion (validation passed == no-one will die), etc, it's no trivial and it feels this particular part of our industry is not as developed/main stream as compared to something like civil engineering. If we have easy ways to ensure that modifying software will not lead to death then it will be easier to change the legislation to enforce this freedom.

[KennyBlanken]

In your scenario, there's protection at a societal level: manslaughter/homicide law.

Obviously their intent, the jurisdiction, their training/knowledge, and what sort of changes they attempted would matter in terms of how they were charged, prosecuted, etc.

If the device manufacturer updates software and injures or kills someone, they're liable on a criminal and/or civil level.

Before anyone starts rambling about how "they'll just calculate out their liability vs cost of proper software engineering blah blah"...in a civil lawsuit, at least in the US, the punitive portion of damages is for the express purpose of penalizing the defendant for shitty behavior, beyond actual damages, to discourage them and others from doing such a thing again.

McDonalds was slammed hard in the infamous coffee-scald case with a huge punitive portion. Before suing, the victim asked merely for medical expenses - nothing for the (enormous) pain and suffering from her genital burns. McDonalds told her to fuck off.

The jury was (to put it mildly) enraged on a number of counts: McD's knew their coffee was served well above industry standard temperatures, knew they'd injured people, and refused a reasonable request for damages.

[Kim_Bruning]

Software continues to "eat the world".

Given that, having medical software be FLOSS certainly seems like it's a necessary step. Whether that alone is also sufficient is something that might warrant further debate.

Eg. in the opposing quadrant: maybe the insulin pump has a bug, but the new fix doesn't get certified in time and now the family member dies while their kin stands by whilst wringing their hands. This bears balancing.

I think -partially- this would fall under a patient's right[1] to choose an alternative treatment option, when presented with the pros and cons. A patient should be allowed to take considered risks.

[1] https://en.wikipedia.org/wiki/Patients'_rights

[cbrugs]

I agree with it being the wrong way to go about it- I think the article fails to recognize that relying on the software being free isn't a solid enough certification of the software being appropriately safe to control a person's health. There has to be some other safeguard put in place- I'm not sure if it's legislation, but allowing a software update to break an app used by the elderly is unacceptable.

[gitaarik]

Updating the software should be done by qualified medical software engineers. Just like you wouldn't let a random untrained family member do surgery on you or prescribe you any drug. The free software aspect would still benefit the community, and people won't be on the fate of 1 company. If the company stops supporting the software, you could go to a medical software service company that has in-house experts on helping users with deprecated medical devices. That would at least be possible with free software, not with proprietary.