Yemi Gabriel

Collaborative Discussion 1: Codes of Ethics and Professional Conduct (Initial Post)

The ACM case study on Medical Implant Risk Analysis (ACM, n.d.) explores a situation in which a medical technology company, Corazón, faces scrutiny after a vulnerability is discovered in its implanted device. The issue stemmed from a hardcoded initialisation value that remained on the implant device at the time of release. This oversight was later identified through Corazón’s open bug bounty program, which illustrates the growing role of external audits in modern software assurance (Gal-Or et al., 2024).

This case presents a clear ethical dilemma regarding professional responsibility, risk management, and the safeguarding of public health. According to the ACM Code of Ethics, computing professionals are expected to avoid harm (1.2), ensure comprehensive system evaluations (2.5), and contribute to society and human well-being (1.1). Failing to remove development artefacts, such as hardcoded values, before product release can compromise safety and trust, especially in systems that interact directly with human bodies (Nurse et al., 2017).

The BCS Code of Conduct (BCS, 2022) similarly emphasises public interest and safety. Clause 1(a) specifically directs members to have “due regard for public health, privacy, security and wellbeing of others.” From a legal and social standpoint, the incident highlights how even minor lapses in software development can have broader implications, including potential legal liabilities, reputational damage, and a decline in public trust in health technologies.

This case reminds us that professionalism in computing is not just about technical execution, but also about maintaining integrity, accountability, and vigilance throughout the development lifecycle.

References

ACM, n.d. Case Study: Medical Implant Risk Analysis. Available at: https://www.acm.org/code-of-ethics/case-studies/medical-implant-risk-analysis.

BCS, 2022. BCS Code of Conduct. Available at: https://www.bcs.org/media/2211/bcs-code-of-conduct.pdf.

Gal-Or, E., Hydari, M.Z. & Telang, R., 2024. Merchants of vulnerabilities: How bug bounty programs benefit software vendors. arXiv [cs.CR]. Available at: http://arxiv.org/abs/2404.17497.

Nurse, J.R.C., Creese, S. & De Roure, D., 2017. Security risk assessment in internet of things systems. IT Professional, 19(5), pp.20–26. Available at: http://dx.doi.org/10.1109/mitp.2017.3680959.