The design, documentation and especially source code should only be ever made available to entities with the knowledge and skill to maintain these implants safely and purely for the benefit of the users. If any random Joe Garage Hacker can get the source and devise patches for implant devices, the result will be an endless hellish nightmare for whoever has these implants in them. It'd be the IoT mess all over again, but with people's bodies, not just their homes.
That's just an argument for why it should be open source from the beginning: let bugs be spotted early and be sure the designs are as secure as we can make them before somebody gets saddled with one in their skin for life. Security through obscurity is not the answer.
That's exactly why the source code cannot be open to hacking by random people who suddenly wake up to a feeling of being qualified to work on something like that. There's a general attitude of overconfidence among software developers that extends into other areas of expertise that they actually know nothing about. HN reflects this very well. And that's exactly why some things can never be allowed to be fully open.
To whoever reads this comment, just ask yourself this: how much vetting and testing do you want for the code on a pacemaker or insulin pump? Do you think you can perform that level of testing at home? If you think that you can, you're exactly the kind of dangerous person that can't be allowed to mess with this stuff.
I think we may be imagining different scenarios. I was operating under the idea of a company opening its code up to public scrutiny with enough time to accommodate any changes suggested by qualified members of the public. It seems you're imagining a world where medical devices are homebrew with no centralized authority?