Bug Prevention in Medical Devices
A complex set of factors, including an aging population, is putting pressure on medical device manufacturers to produce increasingly intuitive devices, with advanced features and functionality, faster and less expensively than ever before.
To address the demands for faster, more advanced products, software is becoming a larger component of embedded devices. A recent study by VDC Research found that the average embedded project has more than 330,000 lines of code, with many larger projects totalling in the millions. [1] As software is used to deliver the next generation of medical devices, its susceptibility to defects needs to be considered.
The FDA’s Medical Device Recalls database shows 460 medical device software-related recalls since November 1, 2002. [2] Software failures in medical devices have included safety-critical situations such as:
- Pacemaker software that was found to be easily hacked [3]
- Defibrillator self-test software that was found to erase low-battery warnings, making the device susceptible to failure [4]
- At least two medical radiation therapy devices whose bug-laden software was found to be the root cause of several cases in which massive overdoses of radiation were administered to patients, some of whom died as a result [5]
The safety-critical nature of medical devices leaves little, if any, room for software failure. Producing high-quality software is critical to the success of the industry and its ability to meet the increasing demands of the healthcare sector.
Medical Devices Face Unique Challenges
While medical device manufacturers strive to release high-quality equipment based on stable software, they face a unique set of challenges compared to the rest of the embedded market.
According to VDC, developers of medical device software expect to see a 44.8% increase in the number of lines of code in their next project. [6] This dwarfs the lines-of-code growth rate for most other embedded device classes. [7] As the complexity of this safety-critical software grows, it is increasingly important to ensure that the tools and procedures used by development teams can guarantee the quality and performance of that software.
Ironically, while the medical device industry is expecting one of the largest code growth rates, its engineering teams have fewer software engineers than the average. Additionally, the percentage of resources “dedicated to software test, verification, and validation is roughly half that of the overall embedded industry.” [8]
This resource gap, coupled with the demand for next-generation medical devices, will push these software development teams to look for other means to fulfil their code requirements:
- Outsourcing the project or part thereof
- Re-using legacy code (code developed for other similar projects or devices)
- Re-using third-party code (open-source)
- Hiring less experienced coders
While these are all valid approaches in software development today, each adds a vulnerability to the development process and opens the door for defects to be introduced. Outsourcing introduces an additional layer of communication and validation challenges. Code re-use, which allows development organizations to take advantage of existing investments in previous engineering efforts, also “contributes to system complexity and amplifies the importance of rigorous automated testing.” [9] And, while hiring less experienced programmers offers development resources at lower cost, that code is likely to contain a greater percentage of defects than code produced by senior engineers. Clearly, a strong software verification and validation process is particularly critical when these techniques are used.
In addition to the numerous engineering challenges faced by medical device manufacturers, they must also satisfy a stringent regulatory environment. The Food and Drug Administration (FDA) has published the General Principles of Software Validation guidance, which applies to all “software used as components in medical devices, to software that is itself a medical device, and to software used in production of the device or in implementation of the device manufacturer’s quality system.” [10]
A Comprehensive Approach to Software Verification and Validation
No single technique can solve these challenges, but a combination of approaches and technologies can ensure that medical device manufacturers can efficiently produce the highest quality of software possible. Three key areas related to software verification will harden the code produced for medical devices: developer training, peer code reviews, and source code analysis technology.
The creation of reliable, secure code will ultimately depend on the quality of developers on the team. Given the size and complexities of today’s embedded medical device software, it is often difficult for developers to know what impact their changes may have on a system. It is therefore important that developers are provided with both the proper tools to write more reliable code and the knowledge to remediate any issues. This type of ongoing education will help developers understand whether their coding practices are defensive enough to meet the high standards set out by the medical device industry.
Many organizations have difficulty implementing a consistent code review process, and for good reason: it is time-consuming and requires the input of senior development resources. It is therefore essential that these reviews focus on critical design and functional issues rather than on programming bugs or code style problems that could have been fixed by the individual developer. This is especially true when attempting to implement a code review process across a geographically distributed team. Thus, developers need to provide the cleanest code possible for the code review process, ensuring that senior development resources are used efficiently.
Finally, since even small, basic software applications can be too complicated to properly verify manually, employing source code analysis technology is essential in situations where complex, sophisticated code is being developed.
Source code analysis is an automated code inspection technology that detects and identifies deficiencies such as incorrect pointer usage, overflows, and leaks that can cause field failures. The best source code analysis tools not only deliver sophisticated analysis at build time, but also directly on the developer desktop. This approach allows individual developers at all experience levels to identify and remediate coding vulnerabilities before they check in their code. With this approach, fewer faults make it into the code stream, which leads to more effective code reviews, stable integration builds, and more reliable medical devices that are less likely to be recalled.
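As an added illustration that is not part of the original article, the C fragment below places the three defect classes just named (incorrect pointer usage, an overflow and a leak) in a constructed device-record routine beside a corrected version; the record layout, field names and function names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: a fixed-size label stored in a device dose record. */
#define LABEL_MAX 16

typedef struct {
    char label[LABEL_MAX];
    int  dose_cgy;   /* dose in centigray */
} DoseRecord;

/* BEFORE: the kind of routine a source code analyzer flags.
 *  - strcpy copies without a bound: any label of LABEL_MAX or more
 *    characters overflows r->label (buffer overflow)
 *  - malloc's result is dereferenced without a NULL check
 *    (incorrect pointer usage)
 *  - the early return on a bad dose never frees r (memory leak) */
DoseRecord *make_record_unsafe(const char *label, int dose_cgy)
{
    DoseRecord *r = malloc(sizeof *r);
    strcpy(r->label, label);
    if (dose_cgy < 0)
        return NULL;             /* r is lost here */
    r->dose_cgy = dose_cgy;
    return r;
}

/* AFTER: each finding remediated. Returns NULL on any invalid input
 * or allocation failure, and never allocates before validating. */
DoseRecord *make_record_safe(const char *label, int dose_cgy)
{
    if (label == NULL || dose_cgy < 0)
        return NULL;
    size_t len = strlen(label);
    if (len >= LABEL_MAX)        /* reject rather than truncate silently */
        return NULL;
    DoseRecord *r = malloc(sizeof *r);
    if (r == NULL)
        return NULL;
    memcpy(r->label, label, len + 1);   /* bounded copy incl. terminator */
    r->dose_cgy = dose_cgy;
    return r;
}

int main(void)
{
    DoseRecord *r = make_record_safe("PT-0001", 180);
    printf("%s\n", r ? "record accepted" : "record rejected");
    free(r);
    return 0;
}
```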
Software Quality Drives Productivity and Efficiencies
In all sectors and applications, the use of software is growing at a rapid pace, but in none so dramatically as the medical device industry. With its code bases becoming larger and more complex, and the need to address resource gaps with outsourcing and code reuse, a focus on training, code reviews, and automated technology will become increasingly vital. Embedding sustainable processes and quality checkpoints into the software development process will help ensure manufacturers can meet the industry’s demand for safe, highly reliable, next-generation medical devices.
[1] Balacco, Steve and Rommel, Chris. Embedded Opportunity: Dynamics of Medical Device Evolution Driving Need for Static Analysis. VDC Research, July 2009.
[2] As of September 14, 2009: http://www.accessdata.fda.gov
[3] Marquette, Sue. “Pacemakers vulnerable to attack.” Secure Computing, March 17, 2008: http://www.securecomputing.net.au
[6] Because respondents cite a wide range of code base sizes in addition to the expected growth rate, VDC provided a weighted mean of the overall expected code growth by weighting each response by the respondent’s current code base size as compared to that of the aggregate.
[7] Balacco, Steve and Rommel, Chris. Embedded Opportunity: Dynamics of Medical Device Evolution Driving Need for Static Analysis. VDC Research, July 2009.
[10] General Principles of Software Validation; Final Guidance for Industry and FDA Staff, January 11, 2002: http://www.fda.gov
Alen Zukich is Klocwork’s Director of Product Management and sets the company’s product direction. With a technical and consulting background in the telecom equipment and software tools markets, Alen has helped hundreds of organizations successfully deploy source code analysis technology within some of the most demanding and complex development environments in the world.