The purpose of this group is to develop a response to a series of questions on Cybersecurity posed to the open source community by Dr. Paul Tibbits of VA. The questions are:
- Does the open source community have a focus on cybersecurity?
- Are projects to enhance cybersecurity proposed to OSEHRA by the open source community? If so, have any been completed?
- Are there lessons learned from Red Hat/LINUX WRT cybersecurity that might be applicable to health IT?
- What is the relationship of OSEHRA certification to cybersecurity?
The plan is to submit the community response to Dr. Tibbits by Wednesday 13th of April. There will be a weekly Wednesday call at 1 PM EDT to discuss the draft response. The Webex call info is as follows:
Call-in number: 1-650-479-3207
, Access code: 661 832 679
Reference Documents and Related Links:
- Open Source Software and Cyber Defense, Bob Gourley, April 2009
- Open Source Cybersecurity Catalog, Homeland Open Security Technology (HOST) Project
- NSA Shares Cyber Tool on Agency's Corporate GitHub Website, NSA.gov
- 10 Essential Open Source Security Tools, Hackertarget.com
- System Integrity Management Platform (SIMP), NSA GitHub
- Open Security Content Automation Protocol (oSCAP)
- VA's current "static" code analyzer
- NIST SCAP site
- Open SCAP site
- Prohibited Use of FTP and Telnet Service, Department of Veteran's Affairs