Details
- Change Request
- Resolution: Persuasive with Modification
- Very High
- FHIR Core (FHIR)
- R4
- Security
- Security
- Kathleen Connor / Julie Maas: 8-0-0
- Clarification
- Compatible, substantive
- R5
Description
The security page should contain a clearly marked box that says:
Significant vulnerabilities have been found in FHIR Implementations in operational systems. These vulnerabilities have mainly been caused by poor implementation practices, not following well-documented security practices such as those from organisations like [OWASP](https://owasp.org/). All FHIR implementers should be familiar with OWASP recommendations and follow their recommendations carefully.
or something like that. Once approved for R5 by the security committee, I'll make this as a technical correction to R4 (upon approval from CTO/CSO).