We’re excited to announce the launch of SAFE-OSE (Secure Applications For Open-source Ecosystems) – a new 2-year project funded by a grant from the National Science Foundation and carried out as a collaboration between Indiana University and OpenMRS.
OpenMRS is a critical open-source electronic medical record system used in many countries and healthcare settings. Because it supports real patient care, security and privacy are especially important. SAFE-OSE focuses on helping the OpenMRS community strengthen security in practical, sustainable, and community-driven ways – without changing what makes OpenMRS open and collaborative.
This project brings together long-time OpenMRS contributors, health informatics researchers, and computer security experts. The goal is help make security work more visible, easier to participate in, and better supported over time for OpenMRS.
What SAFE-OSE will work on
Some of the key activities planned in this project include:
- Creating clearer and more consistent ways to identify, score, and prioritize security vulnerabilities
- Improving secure coding guidance and training for OpenMRS contributors
- Adding automated security checks into existing development and build workflows
- Strengthening security governance, including how issues are reported, reviewed, and fixed
- Supporting better software supply-chain security (for example, verifying releases and dependencies)
- Sharing lessons learned so OpenMRS can serve as a model for secure open-source health software
Forming an OpenMRS Security Squad
As part of SAFE-OSE, we will be forming a Security Squad – a group of community members who are interested in actively moving this work forward and improving the security of OpenMRS.
The Security Squad may include:
- Developers and maintainers
- Implementers with real-world security experience
- Students and researchers interested in health software security
- Security professionals who want to contribute to a high-impact open-source project
You do not need to be a security expert to participate—interest, curiosity, and willingness to collaborate are more important than prior experience.
How you can get involved
- Join the discussion here on OpenMRS Talk
- Volunteer to participate in the Security Squad
- Share feedback on current security challenges or gaps
- Help spread the word to security-focused communities or colleagues
If you’re interested in participating or learning more, please reply to this thread. We’re looking forward to working together with the OpenMRS community to make the platform even more secure, resilient, and trustworthy.
– The SAFE-OSE Team (including @sunbiz, @paul, Dr. Xukai Zou, @janflowers, @burke, @dkayiwa, @ibacher, @jayasanka, @raff, @veronica, @erica, @beryl)
