For tools like this that run on desktop and do not reach out to a server, I
tend to focus the security approval request on what kind of data the
software will be run on.  I would tend to put a description in the request
of the planned uses and make sure to say if this is publicly available data
(i.e. digital library or ILS inventory metadata), and to separately
describe any potential handling of confidential information (i.e. student
directory info or circulation records), and to say in the request that a
conditional approval to only use this on publicly available non
confidential data is also useful in case it can be approved with
stipulations on what data can go into it.

Best,
-Wilhelmina


Wilhelmina Randtke
Head of Libraries Technologies and Systems
Zach S. Henderson Library
1400 Southern Dr.
Statesboro, GA, 30458
(912) 478-5035
[log in to unmask]




On Sun, Nov 30, 2025 at 10:59 PM Katherine O'Brien <
[log in to unmask]> wrote:

> Hi all,
>
> I'm trying to get approval to install OpenRefine on my university-owned
> device, but my request has been rejected due to security and management
> concerns. I'd love to hear from anyone using OpenRefine in an institutional
> context. How do you or your IT department manage it?
>
> Here are the main concerns raised by the IT department:
>
>
>   1.
> Lack of vendor support for open-source software
> I explained that OpenRefine has an active developer and user community,
> plus plenty of online training resources. This is no longer a concern.
>   2.
> Manual update processes
> I shared that OpenRefine is available through various package
> repositories, which they agreed could work.
>   3.
> Microsoft Defender cannot detect OpenRefine
> The issue is that OpenRefine uses a non-standard installation architecture
> and lacks a digital signature for its CPE, preventing Defender from
> identifying it. They said that since there’s no way to manually intervene,
> it creates challenges for vulnerability management.
>
> I posted about this on the OpenRefine discussion board<
> https://forum.openrefine.org/t/misunderstood-requirements-preventing-the-use-of-openrefine/1865>
> and got helpful feedback, but Point 3 remains a blocker. Has anyone
> successfully addressed this issue with institutional devices?
>
> Thanks in advance for any insights!
>
> Katherine
>
> Katherine O'Brien (She / Her)
> Application Administrator, Online Services
> The University of Notre Dame Australia
> Phone: +61 8 9433 0703 | University Library<https://library.nd.edu.au/home
> >
> ND39 Fremantle Campus, Nyungar boodjar
> I respect and acknowledge the Traditional owners of the land on which I
> live and work as the First People and Custodians of this country.
>
> [promotional banner. Crest logo of the University of Notre Dame Australia.
> Fremantle, Broome, Sydney. ND6259. CRICOS Provider: 01032F]<
> https://www.notredame.edu.au/>
>
> Disclaimer
>
> The information contained in this communication from the sender is
> confidential. It is intended solely for use by the recipient and others
> authorized to receive it. If you are not the recipient, you are hereby
> notified that any disclosure, copying, distribution or taking action in
> relation of the contents of this information is strictly prohibited and may
> be unlawful.
>
> This email has been scanned for viruses and malware, and may have been
> automatically archived by Mimecast Ltd, an innovator in Software as a
> Service (SaaS) for business. Providing a safer and more useful place for
> your human generated data. Specializing in; Security, archiving and
> compliance. To find out more visit the Mimecast website.
>