[chimera-dev] Application Security Questions for Chimera
Greg Couch
gregc at cgl.ucsf.edu
Tue Oct 25 11:00:02 PDT 2022
And the web sites that we host, and the computers that host them, are
regularly scanned by the university for vulnerabilities. And even
though we are an academic lab, since the university has a medical school
with HIPAA information, it seems like we are subjected to an extra level
of paranoia. But maybe that is the new normal.
-- Greg
On 10/25/2022 10:26 AM, Tom Goddard via Chimera-dev wrote:
> Hi Mike,
>
> We encourage all labs to use ChimeraX which is the successor to the
> Chimera program. Chimera is only receiving critical maintenance while
> ChimeraX 1.0 came out 2 years ago, now at version 1.4, and is actively
> developed.
>
> We are the academic lab at UCSF that develops Chimera and ChimeraX.
> We don't have formal development security reviews. Our source code
> is under version control and only modified by the core developers at
> UCSF. The software does not listen on ports and uses only web
> services that we host at UCSF. This is research software that can be
> used to run Python analysis scripts. Since Python is a general
> purpose language it can do anything on the computer that user
> privileges allow. The researcher writes those scripts or obtains them
> from other researchers and is responsible for assuring they do nothing
> malicious. Here is the Chimera developer web site
>
> https://www.rbvi.ucsf.edu/trac/chimera/wiki
>
> Here is the ChimeraX github repository and developer site
>
> https://github.com/RBVI/ChimeraX
>
> https://www.rbvi.ucsf.edu/trac/ChimeraX/wiki
>
>
> Tom Goddard
> ChimeraX and Chimera developer
>
>> On Oct 25, 2022, at 7:02 AM, Hart, Michael via Chimera-dev
>> <chimera-dev at cgl.ucsf.edu> wrote:
>>
>> I’ve been asked to approve installation of Chimera in one of our
>> labs, and I was hoping that you might have documentation on your
>> development processes and policies such that I can feel comfortable
>> installing your app in our environment. I have searched but not
>> found documentation related to OWASP or other dev standards, or any
>> assessments that may have been run. Would you have information
>> available?
>> Thank you in advance,
>> *Mike Hart | Chief Information Security Officer (CISO)*
>> *Metropolitan State University of Denver
>> Information Technology Services*
>> Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362
>> Admin Building - 1201 5th Street 480M Denver, CO 80204
>> 303-615-0541 (Office)
>> 303-352-7548 (Help Desk)
>> mhart20 at msudenver.edu | www.msudenver.edu/technology
>> _______________________________________________
>> Chimera-dev mailing list
>> Chimera-dev at cgl.ucsf.edu
>> https://www.rbvi.ucsf.edu/mailman/listinfo/chimera-dev