Friday, August 03, 2007

What is Safe Enough?

I wrote a piece a little bit ago comparing software security and liability to liability in the pharmaceutical industry.

Wired had a great article today about drug safety titled "FDA Drug Standards: What's Safe Enough?" I think a few of their points are pretty relevant to the discussion:

Does the FDA advisory panel's decision mean Avandia is safe?

It's safe enough, according to 22 of the 23 scientists on the FDA panel. That means the drug's benefits -- decreasing blood-sugar levels -- are more important than the potential risks cited in the Journal study. Plus, it's not even clear that the harm indicated in the study was caused by the drug.

And, more on how we measure safe...

I'm not convinced. Why is the FDA approving drugs that may not be safe?

Before a drug is released, clinical trials study thousands of patients. But deadly complications to new drugs are often extremely rare and don't emerge until millions of people have taken the drug.


The FDA must weigh many factors when it comes to deciding whether to keep a drug on the market. Do the benefits outweigh the risks? Do other drugs on the market treat the disease with fewer side effects? As reporter Trevor Butterworth said recently on The Huffington Post: "What if we save 20 out of 100 people from going blind, but increase the risk of heart attack for four out of 100? Is this acceptable? No one really has a good answer."

I think this answer is a really good one to think about when you're developing software. Defining what safe enough is varies a lot by product, market, customer, type of data you're processing, etc.

The takeaway, I suppose, is that even where it truly is life-and-death there aren't easy answers to these types of questions. It makes me feel a little better I guess...
