Community mailing list archives
Re: Crowd funding the Odoo Penetration Test - is now LIVEby
I have just launched the Odoo security audit crowd funding campaign, you can access it on Indiegogo here: http://igg.me/at/odoo-security/ and it has already received the first contribution!
With any crowd funding campaign, momentum drives more funding. To that end, I would be really grateful for anyone considering funding the project, that you do so over the next week or two. The more people learn about this project, the greater the interest will be outside the Odoo communities, and ultimately more awareness of Odoo and the security issues of ERP.
The campaign page has a lot of detail of the testing process and how the funds will be spent. I would welcome feedback, critique or anything else that would help improve the potential and coverage of the project.
I would also welcome discussions from any partners interested in getting more involved.
PS The hashtag #SecureERP has been used on social networks.
As you've seen in recent threads, we've been raising with Odoo a number of security issues that we've come across with, for which patches have been published. Still, it raises the question of how secure is Odoo.
As a long-running partner with a reputation to maintain, we want Odoo to be safe, and for this reason we contacted NCC (leader in security auditing of software) to do a professional security audit of Odoo or "Penetration Test".
More details on NCC testing available here: https://www.nccgroup.trust/uk/our-services/security-consulting/
Odoo is fully supportive of our initiative, as we are after all working towards the same goal: Increasing security & raising Odoo's profile.
NCC will raise awareness of the activity through their global network and we have also engaged a PR company to optimise the reach of this initiative through national press.
To fund this professional audit, we will launch an IndieGoGo campaign and hope you will all support us.
The funding campaign will run to the end of July as the test is booked for August.
The test plan
The test Odoo is Version 8 installed on an up to date Debian platform. It has the base set of standard modules installed including:
Accounting & finance
Base web builder with contact form
The following components are within the scope of the testing:
Login pages, both web and admin
This campaign will benefit all of us, so I hope you are able to support it, and if not, at least spread the word.
I will be posting a link with full details of the campaign to this thread as soon as the campaign is launched, and will keep everyone updated regularly.
As with any crowd funding campaign, the first few weeks are critical to draw the interest of others outside the immediate group so it would be really good if you can join in, even if it is just a small amount.
With your support we can put Odoo ahead of the other ERP systems in security as it already is with functionality, and significantly increase the quantity of people aware of Odoo.
Thank you all in advance,
-- N. Arranz-Velazquez OpusVL Odoo Specialist Team (OOST) Product Owner OpusVL Drury House Drury Lane Rugby CV21 3DE T: 01788 298 450 W: www.opusvl.com
Stuart J Mackintosh
Director / Owner
<img alt="OpusVL Logo" src="cid:firstname.lastname@example.org" height="38" width="150">
Business management software - Joined-up, flexible & open
• Open Source Specialists
T: 01788 298 450
DDI: 01788 298 457