Cybersecurity and Open Source

The purpose of this group is to develop a response to a series of questions on Cybersecurity posed to the open source community by Dr. Paul Tibbits of VA.  The questions are:

  • Does the open source community have a focus on cybersecurity?
  • Are projects to enhance cybersecurity proposed to OSEHRA by the open source community? If so, have any been completed?
  • Are there lessons learned from Red Hat/LINUX WRT cybersecurity that might be applicable to health IT?
  • What is the relationship of OSEHRA certification to cybersecurity?

The plan is to submit the community response to Dr. Tibbits by Wednesday 13th of April.  There will be a weekly Wednesday call at 1 PM EDT to discuss the draft response.  The Webex call info is as follows:


Call-in number: 1-650-479-3207
, Access code: 661 832 679

Reference Documents and Related Links:

Group Email:

One thing that I think we...

One thing that I think we need to make sure that we focus on is the emphasis of cybersecurity within the realm of VistA to include M, current OpenSource Solutions and what OpenSources plans to do for Cloud based solutions. The super ironic thing about this conversation is that I asked similar question when the VA and OSEHRA began working together years ago.

My understanding is that...

My understanding is that buffer overruns and SQL injection are still significant issues in most contexts -- still things that the linked-to tools will check for, for example. But MUMPS is more or less immune to buffer overruns, and not as vulnerable to code injection as SQL is; could we add a slide to the presentation pointing this out?

Community Call on Cybersecurity for VistA Today (Wednesday) 1 PM ET

Please join us for the Community Call on Cybersecurity for VistA at 1 PM EDT today.


  • Summary of Red Hat Process and VA Process
  • Introduction to Apache Metron and NiFi, Frank Ramano, Hortonworks.

Presentation slides for today.

Here is the Webex call-in information:

Date/Time: Wednesday 1 PM EDT, April 06 2016

Need to re-schedule my Project Metron and Apache NiFi brief...

Good morning,

I was scheduled to brief the group on the new Apache projects: Metron and NiFi and their use in Cybersecurity solutions however, I am on travel and will be at a customer site during our meeting time this week.

Would it be possible to deliver this brief at our next meeting on 6 April ?

Best Regards,

Minutes and Recording from the Community Call on Cybersecurity for VistA - March 23, 2016

Thank to those who attend the Cybersecurity for VistA meeting.  We continued the discussion on the four questions (see below) from Dr.Tibbits.  For those who missed the meeting, here are the Powerpoint presentation and the recording from the meeting.

Here are the discussions associated with each question.

NiFi could be a great fit for VistA

My associate, Frank Romano, and I would like to participate in the OS Cyber response activity for VA/VistA.  As I mentioned during the recent call, I believe that NiFi could be a great fit for VistA.  I've attached a white paper FYI and we've both signed up for the weekly calls.

No questions have been added to this group.
No wikis have been added to this group.