Community mailing list archives

Re: Crowd funding the Odoo Penetration Test

Luke Branch
- 06/26/2015 06:30:52
Hi Nuria and OpusVL,

Thank you for taking the initiative on this, this has long been a concern of mine, and it is fantastic to see some professional penetration testing being organised. 

Please let us know once you launch the IndieGoGo campaign as I will certainly contribute what I can to this effort.



On Fri, Jun 26, 2015 at 5:36 PM, Nuria Arranz Velazquez <> wrote:

Dear all,

As you've seen in recent threads, we've been raising with Odoo a number of security issues that we've come across with, for which patches have been published. Still, it raises the question of how secure is Odoo.

As a long-running partner with a reputation to maintain, we want Odoo to be safe, and for this reason we contacted NCC (leader in security auditing of software) to do a professional security audit of Odoo or "Penetration Test".

More details on NCC testing available here:

Odoo is fully supportive of our initiative, as we are after all working towards the same goal: Increasing security & raising Odoo's profile.
NCC will raise awareness of the activity through their global network and we have also engaged a PR company to optimise the reach of this initiative through national press.

To fund this professional audit, we will launch an IndieGoGo campaign and hope you will all support us.

The funding campaign will run to the end of July as the test is booked for August.

The test plan

The test Odoo is Version 8 installed on an up to date Debian platform. It has the base set of standard modules installed including:

    Sales order
    Purchase order
    Accounting & finance
    Base web builder with contact form

The following components are within the scope of the testing:

    Login pages, both web and admin
    Database admin

This campaign will benefit all of us, so I hope you are able to support it, and if not, at least spread the word.

I will be posting a link with full details of the campaign to this thread as soon as the campaign is launched, and will keep everyone updated regularly.

As with any crowd funding campaign, the first few weeks are critical to draw the interest of others outside the immediate group so it would be really good if you can join in, even if it is just a small amount.

With your support we can put Odoo ahead of the other ERP systems in security as it already is with functionality, and significantly increase the quantity of people aware of Odoo.

Thank you all in advance,


N. Arranz-Velazquez
OpusVL Odoo Specialist Team (OOST)
Product Owner

Drury House
Drury Lane
CV21 3DE

T: 01788 298 450

Post to: