The OSEHRA Information Assurance Project Group will develop and maintain a consistent approach to addressing Information Assurance (IA) requirements within OSEHRA VistA and other open source software managed by OSEHRA. This group will routinely and actively conduct tiger team activities against OSEHRA VistA to help identify vulnerabilites. The group will also monitor OSEHRA's dedicated email address for security issues reporting (email@example.com), and coordinate the community response to newly-discovered security issues and vulnerabilities. Members of this group will be required to sign a Non-Disclosure Agreement that controls the dissemination of security vulnerability information, releasing such information only after appropriate remediation is available and a consensus on releasability is reached in the group.
The OSEHRA IA Project Group has several working deliverables that are currently in progress. Deliverables include vulnerability identification and remediation management, identifying critical system components, analyzing source code for security vulnerabilities and establishing secure coding best practices and guidelines. Deliverables are:
- System Component Analysis Document
- High Risk Component Analysis
- Secure Coding Guidelines
- Static Code Analysis Guidelines
- Tiger Teaming Activities and Guidelines
Mailing list email address: firstname.lastname@example.org