And the web sites that we host, and the computers that host them, are regularly scanned by the university for vulnerabilities.   And even though we are an academic lab, since the university has a medical school with HIPPA information, it seems like we are subjected to an extra level of paranoia.  But maybe that is the new normal.

    -- Greg

On 10/25/2022 10:26 AM, Tom Goddard via Chimera-dev wrote:
Hi Mike,

  We encourage all labs to use ChimeraX which is the successor to the Chimera program.  Chimera is only receiving critical maintenance while ChimeraX 1.0 came out 2 years ago, now at version 1.4, and is actively developed.

  We are the academic lab at UCSF that develops Chimera and ChimeraX.  We don't have formal development security reviews.  Our source code is under version control and only modified by the core developers at UCSF.  The software does not listen on ports and uses only web services that we host at UCSF.  This is research software that can be used to run Python analysis scripts.  Since Python is a general purpose language it can do anything on the computer that user privileges allow.  The researcher writes those scripts or obtains them from other researchers and is responsible for assuring they do nothing malicious.  Here is the Chimera developer web site

https://www.rbvi.ucsf.edu/trac/chimera/wiki

Here is the ChimeraX github repository and developer site

https://github.com/RBVI/ChimeraX

https://www.rbvi.ucsf.edu/trac/ChimeraX/wiki


  Tom Goddard
  ChimeraX and Chimera developer

On Oct 25, 2022, at 7:02 AM, Hart, Michael via Chimera-dev <chimera-dev@cgl.ucsf.edu> wrote:

I’ve been asked to approve installation of Chimera in one of our labs, and I was hoping that you might have documentation on your development processes and policies such that I can feel comfortable installing your app in our environment.  I have searched but not found documentation related to OWASP or other dev standards, or any assessments that may have been run.  Would you have information available? 
 
Thank you in advance,
 
Mike Hart  | Chief Information Security Officer (CISO)
Metropolitan State University of Denver
Information Technology Services
Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362
Admin Building - 1201 5th Street 480M  Denver, CO 80204 
303-615-0541 (Office)
303-352-7548 (Help Desk)
mhart20@msudenver.edu | www.msudenver.edu/technology
<image001.jpg>
 
 
_______________________________________________
Chimera-dev mailing list
Chimera-dev@cgl.ucsf.edu
https://www.rbvi.ucsf.edu/mailman/listinfo/chimera-dev


_______________________________________________
Chimera-dev mailing list
Chimera-dev@cgl.ucsf.edu
https://www.rbvi.ucsf.edu/mailman/listinfo/chimera-dev