[R] R Software Risk Analysis
dw|n@em|u@ @end|ng |rom comc@@t@net
Fri Jun 19 01:45:52 CEST 2020
On 6/18/20 3:41 PM, John Harrold wrote:
> Hello Kristin,
> Are you talking about risk analysis from the perspective of software
It appears that is exactly what is being asked. What is not clear is
whether the installation would be offered to persons or groups on the
network with no other security wrappers. R has never claimed to be
"web-safe". It offers access to system level commands and file system
manipulation that would probably compromise security arrangements. In
fact, over the course of the last 12 years when I've been reading this
mailing list, there has never been a credible suggestion to offer R
applications to untrusted users. Quite the opposite. Naked R is surely
not going to pass any sort threat or risk scrutiny.
My suggestion would be to investigate various wrappers for R such as
Rstudio or the Microsoft re-worked version of what used to be Revolution
R. They have lawyers and offer "enterprise solutions" and would
presumably be able to speak to some sort of security analysis. Whether
either of those approaches would provide the level of security needed by
a healthcare organization would be an interesting question. Perhaps yopu
can report back after completing your investigation?
> On Thu, Jun 18, 2020 at 3:21 PM Wait, Kristin <WaitK using amc.edu> wrote:
>> HI all,
>> I am with a NYS major trauma center and all programs that our
>> employees/providers use must be vetted through the IT Department by way of
>> a Risk Analysis.
>> Is there someone I would talk to about this?
>> I scoured your website and could not find a specific person.
>> Thank you so much
>> Kristin Wait
>> Albany, NY
>> ----------------------------------------- CONFIDENTIALITY NOTICE: This
>> email and any attachments may contain confidential information that is
>> protected by law and is for the sole use of the individuals or entities to
>> which it is addressed. If you are not the intended recipient, please notify
>> the sender by replying to this email and destroying all copies of the
>> communication and attachments. Further use, disclosure, copying,
>> distribution of, or reliance upon the contents of this email and
>> attachments is strictly prohibited. To contact Albany Medical Center, or
>> for a copy of our privacy practices, please visit us on the Internet at
>> [[alternative HTML version deleted]]
>> R-help using r-project.org mailing list -- To UNSUBSCRIBE and more, see
>> PLEASE do read the posting guide
>> and provide commented, minimal, self-contained, reproducible code.
More information about the R-help