Comment by AnthonyMouse

> But they don't have the budget and resources that commercial entities have.

Everyone is standing on the shoulders of giants. You're not going from stone tools to jet engines in a month, but you could fix a bug in one in that time.

> They don't have the same due diligence requirements. They don't have the same liability.

Things that exist to try to mitigate the misalignment of incentives that comes from paying someone else to create something you depend on. Better for the incentives to align to begin with.

Notice also that these things are floors, not ceilings. The company is only required to do the minimum. You can exceed it by as much as you like.

> If I use a commercial device unaltered, it's the company's fault if the device fucks up or is defective and causes harm. If I install random internet software on my medical device and it fucks up and causes harm, it's my fault.

And then if the community version fixes a bug that would have killed you and you stick with the commercial version you can sue them for killing you. Except that you're dead.

> There is simply no way random folks on the internet can test these types of systems to any reliable degree.

Basically the entire population is on the internet, so the set of them includes all the people doing it for a corporation. Are they going to forget how to do their jobs when they go home, or when they or a member of their family gets issued another company's device and they want it to be right?