DNA Software Under Scrutiny

DNA Software Under Scruitiny

Probabilistic Genotyping Used for Criminal Prosecution

In a recent article published on The Markup, software that is used to match DNA in criminal prosecution has come under scrutiny.  The software implements what is known as probabilistic genotyping, a method used when analyzing data that contains a mixture of DNA from multiple people.  The software uses complex statistical algorithms to determine to compare the likelihood that a person’s unique DNA versus a random person’s DNA is present in a mixture.

Of course the benefit of such analysis tools could be the removal of potential bias or of human error.  On the downside, however, the defendant and his or her defense team do not have access to the algorithms.  Obviously there would be at least two concerns that have led to the DNA matching software coming under scrutiny:

  • How would one know if the algorithm had been tampered with or altered to bias in one way or the other?
  • How would one know if the software itself had been developed to any quality standard, and that the particular release of software included necessary error checks (we might call these risk controls in medical device lingo)?

Concerns with Use of Software

The article quoted Mats Heimdahl (Professor and Department Head, Computer Science & Engineering, University of Minnesota) and Jeanna Matthews, two computer science experts: “It is virtually certain that there are flaws in the TrueAllele software,” wrote  in a declaration to the federal court. “On average, there will be six flaws for every 1,000 lines of code, and TrueAllele has 170,000 lines of code.”

As software professionals in the medical device software field, we have a responsibility to ensure both appropriate security controls and appropriate software lifecycle controls.  For the software lifecycle process itself, of course IEC 62304 (See our post on 62304-FDA Compliance Training) is our standard and is recognized by US FDA as a consensus standard.  However, beyond the process rigor, the difference between high quality software and software of lower quality is often directly related to the defensive coding designs and the built-in error checking and recovery designs.  The exact methods used will depend upon the programming technologies selected, the intended use, the worst-case (or worst-cases) outcome, and other factors.  We must understand the ramifications of software failures.  If we believe the software experts in this column, there could be over 1,000 flaws or defects in that code.  Our process needs to reduce that number and our defensive coding and error-checking should be designed to reduce the likelihood that, should any of those defects occur, an acceptable outcome or output would be generated.

Read the article at this link:  https://themarkup.org/news/2021/03/09/powerful-dna-software-used-in-hundreds-of-criminal-cases-faces-new-scrutiny

About the author

Brian is a biomedical software engineer - whatever that is! Started writing machine code for the Intel 8080 in 1983. Still enjoys designing and developing code. But probably enjoys his garden more now and watching plants grow ... and grandkids grow!

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  June 5-7, 2024
Boston, MA

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

Register Now



Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: February 12-15, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.