[chimera-dev] Application Security Questions for Chimera

Tom Goddard goddard at sonic.net
Tue Oct 25 10:26:18 PDT 2022 

Hi Mike,

  We encourage all labs to use ChimeraX which is the successor to the Chimera program.  Chimera is only receiving critical maintenance while ChimeraX 1.0 came out 2 years ago, now at version 1.4, and is actively developed.

  We are the academic lab at UCSF that develops Chimera and ChimeraX.  We don't have formal development security reviews.  Our source code is under version control and only modified by the core developers at UCSF.  The software does not listen on ports and uses only web services that we host at UCSF.  This is research software that can be used to run Python analysis scripts.  Since Python is a general purpose language it can do anything on the computer that user privileges allow.  The researcher writes those scripts or obtains them from other researchers and is responsible for assuring they do nothing malicious.  Here is the Chimera developer web site

	https://www.rbvi.ucsf.edu/trac/chimera/wiki <https://www.rbvi.ucsf.edu/trac/chimera/wiki>

Here is the ChimeraX github repository and developer site

	https://github.com/RBVI/ChimeraX <https://github.com/RBVI/ChimeraX>

	https://www.rbvi.ucsf.edu/trac/ChimeraX/wiki <https://www.rbvi.ucsf.edu/trac/ChimeraX/wiki>


  Tom Goddard
  ChimeraX and Chimera developer

> On Oct 25, 2022, at 7:02 AM, Hart, Michael via Chimera-dev <chimera-dev at cgl.ucsf.edu> wrote:
> 
> I’ve been asked to approve installation of Chimera in one of our labs, and I was hoping that you might have documentation on your development processes and policies such that I can feel comfortable installing your app in our environment.  I have searched but not found documentation related to OWASP or other dev standards, or any assessments that may have been run.  Would you have information available? 
>  
> Thank you in advance,
>  
> Mike Hart  | Chief Information Security Officer (CISO)
> Metropolitan State University of Denver
> Information Technology Services
> Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362
> Admin Building - 1201 5th Street 480M  Denver, CO 80204 
> 303-615-0541 (Office)
> 303-352-7548 (Help Desk)
> mhart20 at msudenver.edu <mailto:mhart20 at msudenver.edu> | www.msudenver.edu/technology <http://www.msudenver.edu/technology>
> <image001.jpg>
>  
>  
> _______________________________________________
> Chimera-dev mailing list
> Chimera-dev at cgl.ucsf.edu <mailto:Chimera-dev at cgl.ucsf.edu>
> https://www.rbvi.ucsf.edu/mailman/listinfo/chimera-dev <https://www.rbvi.ucsf.edu/mailman/listinfo/chimera-dev>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rbvi.ucsf.edu/pipermail/chimera-dev/attachments/20221025/723daba7/attachment.html>

More information about the Chimera-dev mailing list