OHDSI Home | Forums | Wiki | Github

Security/INFOSEC approvals

We are trying to implement at an institution that requires some vetting of open sources software. Is there an example of any implementer that has overcome this approval step? Online I only see one analysis that is flagging an issue with an older WebAPI version.

Analysis on webAPI Ohdsi Webapi - Security Database

Hi George. Please feel free to reach out to me directly at gregory.klebanov@odysseusinc.com. Our company has been deploying ATLAS/WebAPI to Healthcare institutions and Pharma companies for several years now and we have a lot of experience working with internal security and compliance teams - happy to share

Is there an known issue that is keeping the WebAPI dependent on the <hibernate.version>5.4.2.Final?
The fact that version is now flagged as doing now more security updates is an issue our security team would like to understand. It seems the migration path to 5.6 involves moving to different text blob handling and to JAXB rather than DOM4J.