Community mailing list archives

Re: Crowd funding the Odoo Penetration Test - is now LIVE

OpusVL, Stuart J Mackintosh
- 06/27/2015 11:03:34

I have just launched the Odoo security audit crowd funding campaign, you can access it on Indiegogo here: and it has already received the first contribution!

With any crowd funding campaign, momentum drives more funding. To that end, I would be really grateful for anyone considering funding the project, that you do so over the next week or two. The more people learn about this project, the greater the interest will be outside the Odoo communities, and ultimately more awareness of Odoo and the security issues of ERP.

The campaign page has a lot of detail of the testing process and how the funds will be spent. I would welcome feedback, critique or anything else that would help improve the potential and coverage of the project.

I would also welcome discussions from any partners interested in getting more involved.

Best regards,


PS The hashtag #SecureERP has been used on social networks.

<blockquote cite="" type="cite">

Dear all,

As you've seen in recent threads, we've been raising with Odoo a number of security issues that we've come across with, for which patches have been published. Still, it raises the question of how secure is Odoo.

As a long-running partner with a reputation to maintain, we want Odoo to be safe, and for this reason we contacted NCC (leader in security auditing of software) to do a professional security audit of Odoo or "Penetration Test".

More details on NCC testing available here:

Odoo is fully supportive of our initiative, as we are after all working towards the same goal: Increasing security & raising Odoo's profile.
NCC will raise awareness of the activity through their global network and we have also engaged a PR company to optimise the reach of this initiative through national press.

To fund this professional audit, we will launch an IndieGoGo campaign and hope you will all support us.

The funding campaign will run to the end of July as the test is booked for August.

The test plan

The test Odoo is Version 8 installed on an up to date Debian platform. It has the base set of standard modules installed including:

    Sales order
    Purchase order
    Accounting & finance
    Base web builder with contact form

The following components are within the scope of the testing:

    Login pages, both web and admin
    Database admin

This campaign will benefit all of us, so I hope you are able to support it, and if not, at least spread the word.

I will be posting a link with full details of the campaign to this thread as soon as the campaign is launched, and will keep everyone updated regularly.

As with any crowd funding campaign, the first few weeks are critical to draw the interest of others outside the immediate group so it would be really good if you can join in, even if it is just a small amount.

With your support we can put Odoo ahead of the other ERP systems in security as it already is with functionality, and significantly increase the quantity of people aware of Odoo.

Thank you all in advance,


N. Arranz-Velazquez
OpusVL Odoo Specialist Team (OOST)
Product Owner

Drury House
Drury Lane
CV21 3DE

T: 01788 298 450

Post to:


Stuart J Mackintosh

Director / Owner

<img alt="OpusVL Logo" src="" height="38" width="150">

Business management software - Joined-up, flexible & open

• Open Source Specialists

Drury House

Drury Lane


CV21 3DE

T: 01788 298 450

DDI: 01788 298 457