[R] What might be the security issues from installing R?

Marc Schwartz marc_schwartz at me.com
Mon Dec 28 23:07:32 CET 2009


On Dec 28, 2009, at 12:23 PM, Peterson, Eric B. wrote:

> I work in a US government office, where regular computer users are  
> not allowed Admin access to their computers, and all software must  
> go through an extensive evaluation to be approved for installation  
> and use.  Several of us in my office would greatly benefit from R,  
> so I'd like to request that it go through the approval process.   
> Does anyone out there have any experience or advice to share?
>
> My guess is that we may run into problems due to R being
> open-source, leading to a potential perception that the code might be  
> poorly controlled. This could be further complicated by the need for  
> downloading additional open-source packages.  At present, I am not  
> aware of any open source software that has passed through the  
> approval process, though I am also not aware of any policy against  
> open-source.
>
> Thanks!


Eric,

You might want to review the following document, which discusses R's  
SDLC, albeit in the context of FDA regulated clinical trials:

   http://www.r-project.org/doc/R-FDA.pdf

Note that the above document covers R as distributed by The R  
Foundation, so does not cover user contributed packages available via  
CRAN or other means.

If you were to search the R list archives, you will see that there are  
other U.S. ".gov" e-mail addresses from various organizations that use  
R, including NOAA, NPS, NIH, EPA, DOC and FRB. There are also many  
governmental bodies outside the U.S. that use R.

Another issue to be aware of is that since version 2.10.0, R uses  
dynamically built HTML pages for help. This requires the use of an R  
installed local web server, which might conflict with local policies.  
More information is available in the FAQs:

   http://cran.r-project.org/doc/manuals/R-admin.html#Help-options

If you are running Windows, you might be interested in the following:

   http://cran.r-project.org/bin/windows/base/rw-FAQ.html#Does-R-run-under-Windows-Vista_003f

and perhaps:

   http://cran.r-project.org/bin/windows/base/rw-FAQ.html#The-Internet-download-functions-fail_002e

From a more generic perspective, if your institution is using Linux,  
Apache, OpenOffice, Firefox or Thunderbird among others, they are  
already using open source software.

The barrier to using open source gets lower all the time.

HTH,

Marc Schwartz



