Community mailing list archives
Re: Crowd funding the Odoo Penetration Testby
Thank you for taking the initiative on this, this has long been a concern of mine, and it is fantastic to see some professional penetration testing being organised.
As you've seen in recent threads, we've been raising with Odoo a number of security issues that we've come across with, for which patches have been published. Still, it raises the question of how secure is Odoo.
As a long-running partner with a reputation to maintain, we want Odoo to be safe, and for this reason we contacted NCC (leader in security auditing of software) to do a professional security audit of Odoo or "Penetration Test".
More details on NCC testing available here: https://www.nccgroup.trust/uk/our-services/security-consulting/
Odoo is fully supportive of our initiative, as we are after all working towards the same goal: Increasing security & raising Odoo's profile.
NCC will raise awareness of the activity through their global network and we have also engaged a PR company to optimise the reach of this initiative through national press.
To fund this professional audit, we will launch an IndieGoGo campaign and hope you will all support us.
The funding campaign will run to the end of July as the test is booked for August.
The test plan
The test Odoo is Version 8 installed on an up to date Debian platform. It has the base set of standard modules installed including:
Accounting & finance
Base web builder with contact form
The following components are within the scope of the testing:
Login pages, both web and admin
This campaign will benefit all of us, so I hope you are able to support it, and if not, at least spread the word.
I will be posting a link with full details of the campaign to this thread as soon as the campaign is launched, and will keep everyone updated regularly.
As with any crowd funding campaign, the first few weeks are critical to draw the interest of others outside the immediate group so it would be really good if you can join in, even if it is just a small amount.
With your support we can put Odoo ahead of the other ERP systems in security as it already is with functionality, and significantly increase the quantity of people aware of Odoo.
Thank you all in advance,
-- N. Arranz-Velazquez OpusVL Odoo Specialist Team (OOST) Product Owner OpusVL Drury House Drury Lane Rugby CV21 3DE T: 01788 298 450 W: www.opusvl.com