Commercial software is released when the marketroids say so. Medical software is released when you can defend yourself in court ---meaning testing, procedures, QA, documentation, skill, etc.
What is dangerous is when commercial software is used in life-critical apps, eg some vulnerable software is used by a contractor for a nuclear reactor.
I took classes with Dr. Nancy Leveson and roomed with Dr. Clark Savage Turner. I later read the Therac papers, worked for a defibrillator company, and later an electrosurgical instrument company. None catastrophic; though the chief scientist at the place I now work at has worked on aircraft systems, as have the two other founders.
I worked on a video kludge for some obsolete hardware there, nothing critical at all.
The defib code and the ESG / ESU code could hurt one or two people, nothing major
catastrophic, but still enough to be superuseful and somewhat or slightly dangerous.
I was not a lead, in fact, brought in fairly late, in the case of the defib; but I am
the lead on the ESU.
In a few years my software could run a tool being stuck into your inflated abdomen. I will do my best to make it do as told.
