[R] registry vulnerabilities in R

Richard M. Heiberger rmh at temple.edu
Wed May 9 20:10:15 CEST 2012


I spoke to someone in the military who did some investigation.
This is his response

>> 1.  I'm sorry that I don't have anything good to report. The military is
>> cautious with it's networks and I'm no longer able to use R at work.  I
>> don't know anything about this registry issue but the show stopper for me
>> even trying to get R on the military network is CRAN. All that r-project
>> checks on contributed applications is if they load (or compile as
>> necessary)
>> cross-platform. I could make an argument for the security of the Core
>> functionality of R but not for the contributed packages.


On 5/8/12, Paul Martin <pamartin at alum.mit.edu> wrote:
>
>    Kirtland Air Force Base has denied approval for the use of R on its
>    Windows network. Some of their objections seem a bit strange, but some
>    appear  to  be  legitimate. In particular, they have detected registry
>    "vulnerabilities"
>    which are detailed in the attachment.
>    I know nothing about Windows registry vulnerabilities. If any of these
>    issues are
>    legitimate concerns, I would like to see them fixed for everyone's
> benefit.
>    I would
>    appreciate a referral to the appropriate forum for this information. I
> am
>    willing
>    to  assist  in  getting  questions  answered  and gathering additional
>    information.
>    Thank you,
>    Paul Martin
>    Air Force Research Laboratory
>    Kirtland Air Force Base
>    Albuquerque, New Mexico
>



More information about the R-help mailing list