[R] R Software Risk Analysis

John Harrold
Fri Jun 19 01:56:15 CEST 2020


I work in Pharma and we use R in all the companies I've worked for. They
are really paranoid and it's used in regulated environments as well with
patient data. So there should be something they can do.

Kristin: I can put you in touch with vendors who do our regulated work in R
if you're interested.

On Thu, Jun 18, 2020 at 4:45 PM David Winsemius <dwinsemius using comcast.net>
wrote:

>
> On 6/18/20 3:41 PM, John Harrold wrote:
> > Hello Kristin,
> >
> > Are you talking about risk analysis from the perspective of software
> > vulnerabilities?
>
>
> It appears that is exactly what is being asked. What is not clear is
> whether the installation would be offered to persons or groups on the
> network with no other security wrappers. R has never claimed to be
> "web-safe". It offers access to system level commands and file system
> manipulation that would probably compromise security arrangements.  In
> fact, over the course of the last 12 years when I've been reading this
> mailing list, there has never been a credible suggestion to offer R
> applications to untrusted users. Quite the opposite. Naked R is surely
> not going to pass any sort of threat or risk scrutiny.
>
>
> My suggestion would be to investigate various wrappers for R such as
> Rstudio or the Microsoft re-worked version of what used to be Revolution
> R. They have lawyers and offer "enterprise solutions" and would
> presumably be able to speak to some sort of security analysis.  Whether
> either of those approaches would provide the level of security needed by
> a healthcare organization would be an interesting question. Perhaps you
> can report back after completing your investigation?
>
>
> --
>
> David.
>
> >
> > John
> >
> > On Thu, Jun 18, 2020 at 3:21 PM Wait, Kristin <WaitK using amc.edu> wrote:
> >
> >> Hi all,
> >>
> >> I am with a NYS major trauma center and all programs that our
> >> employees/providers use must be vetted through the IT Department by way of
> >> a Risk Analysis.
> >> Is there someone I would talk to about this?
> >>
> >> I scoured your website and could not find a specific person.
> >>
> >> Thank you so much
> >> Kristin Wait
> >> Albany, NY


-- 
John
:wq
