VISTA Enterprise Network - Successful Implementation, World Class Support
Home > Resources

Events

M2M Broker Security Patch

In late July, a VISTA security vulnerability was discovered in the M2M Broker by a graduate student named Doug Mackey as part of an academic exercise at Georgia Tech. The VISTA Expertise Network validated the vulnerability for some VISTA configurations, and contacted OSEHRA to coordinate a community response. A special open-source project group called the Special Software Enhancement Project (SSEP) was formed. Operating under non-disclosure agreements (industry best practice in handling zero-day exploits), OSEHRA members and collaborating partners (including VA and IHS) worked jointly to create and test an applicable patch. The patch introduces a new variable to designate whether the M2M Broker is required. For example systems utilizing the DICOM Gateway would require the broker. Where the broker is required, the patch corrects the security deficiency. Otherwise, the broker is disabled.

NOTE: if your site is a multi-divisional site, please contact Matt McCall at mccallm@osehra.org for additional information prior to patch installation.

OSEHRA is pleased to report the completion of this effort, and the successful distribution of patches to the impacted Veterans Affairs and Indian Health Service sites. The OSEHRA patch is now available for download at http://files.osehra.org/and http://files.osehra.org/SSEP. This represents completion of the SSEP charter and the SSEP, as such, is dissolved. This action removes all restrictions for those who have signed Non-Disclosure Agreements on this subject.

OSEHRA is grateful for the support received from its members in addressing this issue, and for the cooperation of all NDA signatories in controlling the dissemination of information on this issue.

To reply to this content, please visit: http://www.osehra.org/blog/m2m-broker-security-patch.

Hackers' Retreat

VISTA Expertise Network was excited to host our first annual VISTA Hackers' Retreat! On April 22-26, 2013 top VISTA developers joined together at Fort Worden, tucked away in picturesque Port Townsend, perched where the Puget Sound and the Strait of Juan de Fuca to meet for an all-out week of programming.

What was the VISTA Hackers' Retreat?

The VISTA Hackers' Retreat was an intensive, week-long code sprint that brought together top VISTA developers from all over the country. It was designed to invoke a "computer camp" atmosphere, with the developers housed together in secluded accommodations and surrounded by natural beauty.

What did the first annual VISTA Hackers' Retreat produce?

This year, the Hackers' Retreat was focused on VISTA's Laboratory package. Our goal was to jumpstart the next version of Lab by revising the package's current structure and updating some of the key routines. The Lab experts also mapped out a blueprint for how to finish the new release once the Retreat was over. The ultimate goal is to release a new version of Lab by the end of 2013.

A new version of VISTA's Laboratory package has not been released since 1994. A new version is long overdue will benefit the entire open-source VISTA ecosystem. If you are interested in hearing more about what our Hackers' Retreat produced, contact our Event Director, Susan Mohn, at susan.mohn@vistaexpertise.net for more information.

Community

Here at VISTA Expertise Network we want to help. If you're stumped by a VISTA-related issue, just call us - if we can't solve your issue we can point you in the direction of someone who can. For ongoing VISTA support we offer affordable solutions to meet your needs.

We also provide access to VISTA-related support resources including our upcoming patch release newsletter and FAQ. Follow the links below to other VISTA community resources provided by other organizations.