[R] [External] Re: R Software Risk Analysis

Richard M. Heiberger rmh @end|ng |rom temp|e@edu
Fri Jun 19 02:26:41 CEST 2020


You should start by reading
R: Regulatory Compliance and Validation Issues: A guidance document
for the use of R in regulated clinical trial environments.
https://www.r-project.org/doc/R-FDA.pdf

The official link to that file is at the R home page https://www.r-project.org/
In the left column, click on Certification.

That takes you to the page that offers the Compliance paper and a
paper on the R Development cycle.

Rich

On Thu, Jun 18, 2020 at 7:46 PM David Winsemius <dwinsemius using comcast.net> wrote:
>
>
> On 6/18/20 3:41 PM, John Harrold wrote:
> > Hello Kristin,
> >
> > Are you talking about risk analysis from the perspective of software
> > vulnerabilities?
>
>
> It appears that is exactly what is being asked. What is not clear is
> whether the installation would be offered to persons or groups on the
> network with no other security wrappers. R has never claimed to be
> "web-safe". It offers access to system level commands and file system
> manipulation that would probably compromise security arrangements.  In
> fact, over the course of the last 12 years when I've been reading this
> mailing list, there has never been a credible suggestion to offer R
> applications to untrusted users. Quite the opposite. Naked R is surely
> not going to pass any sort of threat or risk scrutiny.
>
>
> My suggestion would be to investigate various wrappers for R such as
> Rstudio or the Microsoft re-worked version of what used to be Revolution
> R. They have lawyers and offer "enterprise solutions" and would
> presumably be able to speak to some sort of security analysis.  Whether
> either of those approaches would provide the level of security needed by
> a healthcare organization would be an interesting question. Perhaps you
> can report back after completing your investigation?
>
>
> --
>
> David.
>
> >
> > John
> >
> > On Thu, Jun 18, 2020 at 3:21 PM Wait, Kristin <WaitK using amc.edu> wrote:
> >
> >> Hi all,
> >>
> >> I am with a NYS major trauma center and all programs that our
> >> employees/providers use must be vetted through the IT Department by way of
> >> a Risk Analysis.
> >> Is there someone I would talk to about this?
> >>
> >> I scoured your website and could not find a specific person.
> >>
> >> Thank you so much
> >> Kristin Wait
> >> Albany, NY
> >>
> >> ______________________________________________
> >> R-help using r-project.org mailing list -- To UNSUBSCRIBE and more, see
> >> https://stat.ethz.ch/mailman/listinfo/r-help
> >> PLEASE do read the posting guide
> >> http://www.R-project.org/posting-guide.html
> >> and provide commented, minimal, self-contained, reproducible code.
> >>
> >
>


