Hi Sebastien,

Any certification applies only for a specific version of any system/RTOS and each vendor needs to do their own recertification.

Also it is important to know that a safety system eventually could fail, but it has ways to mitigate the failure, as redundancy and security fail-operational mode.

https://curatepartners.com/blogs/skills-tools-platforms/understanding-safety-critical-systems-ensuring-reliability-and-safety-in-high-stakes-industries/

So, nobody will because because your contribution(s).

BR,

Alan

On Thu, Jan 2, 2025 at 8:20 PM Sebastien Lorquet <sebast...@lorquet.fr> wrote:

> Hello,
>
> On 1/2/25 23:52, Alan C. Assis wrote:
>
> Hi Yousif,
>
> This is the kind of feedback we like to hear! Thank you for that!
>
> NuttX is used in many areas including critical real-time applications. So, if your question is: Is NuttX safe enough to be used in medical application, the answer is YES!
>
> NO. It is not, by design, and I am glad it is not, otherwise I would freak every night that someone could die because of my contributions.
>
> Apache licence here: https://www.apache.org/licenses/LICENSE-2.0 says:
>
> *7. Disclaimer of Warranty*. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
>
> So no, by license there are ABSOLUTELY NO GUARANTEE, and not even remotely.
>
> It is used in drone, rockets (search for NuttX land in the moon), robot, smartwatch, appliances, cars, etc. Recently it received critical safety application certification for automotive usage (I cannot say the company name, but they will announce it soon).
>
> That is cool. Good point in the right direction, however this is less stringent than medical stuff.
>
> https://developer.sony.com/posts/apache-nuttx-powers-worlds-smallest-lunar-robot-in-japans-historic-autonomous-lunar-exploration-mission
>
> I do not read that NuttX powered the flight computer, and so it did not land on the moon. To my knowledge, it selected pictures in a nuttx-powered imaging payload. Correct me if I am wrong, that would be awesome to get me wrong, but it also reassures me that my contributions did not risk the fate of a moon landing.
>
> For sure there are medical devices using NuttX, how do I know that? Because on 2021 an institute found issues on medical devices RTOSes and NuttX was included:
> https://www.bfarm.de/SharedDocs/Risikoinformationen/Medizinprodukte/EN/vulnerabilities_realtime_os.html?nn=968830
>
> Quoting the page:
>
> The BfArM points out critical vulnerabilities in the real-time operating systems of various venders. Details can be found here:
>
> https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
>
> Affected products are:
>
> - Amazon FreeRTOS, Version 10.4.1
> - Apache Nuttx OS, Version 9.1.0
>
> So probably not the best ad for nuttx in medical devices.
>
> And bit below:
>
> Real-time operating systems – especially QNX und VxWorks – are used in many medical devices;
>
> The list looks generic. Again maybe I am wrong, yes I have read the URL.
>
> If your company decide to use NuttX, please talk about it in our NuttX Conference (NuttX International Workshop), this way more people will have confidence to use NuttX on medical devices too!
>
> That would be frightening, to be honest. Participating in a conference is NOT a safety certification.
>
> Such a medical device would require MANY certifications by independent bodies, and it would likely require many audits to ascertain the safety of the OS for life critical applications.
>
> Also, certification of ONE device run by NuttX will NEVER mean that NuttX is generally safe whatever the product.
>
> I do not want anyone killed because of NuttX, and indirectly by my contributions. So safety and prudence is of utmost importance here.
>
> So: not impossible, but that would be some huge development and testing work, and safety is definitely not built in in NuttX.
>
> Safety is per-product and any use of NuttX in a safety product requires certification work. The facts described by Alan are useful in showing that it can be achieved somewhat, but nothing more.
>
> Sebastien
>
> BR,
>
> Alan
>
> On Friday, January 3, 2025, Yousif Askar <yousif.as...@bd.com.invalid> wrote:
>
>> Hello!
>>
>> My name is Yousif Askar, and I'm a software engineer at the global medical device company Becton, Dickinson, & Co. My team and I discovered NuttX recently and were wondering if it was utilized in the medical device industry often? We know it to be a wonderful low-powered RTOS but are not sure the types of industries in which it is utilized, as I have not been able to find any documentation online outlining such information.
>>
>> Thank you!
>>
>> Yousif Askar (he/him)
>> Software Engineer
>> UCC