Community mailing list archives
Re: Odoo securityby
From mainly a user, I have helped people put in Odoo, but not a partner. This is a good idea, however I think the goal is too high. It shouldn't cost 10k to do a full security audit. Perhaps that I am a little naive there. Also, Odoo themselves only investing about £600 to what is their business and potentially improves their software and assurance to customers really shocks me. Perhaps I missed another fund entry in the list. That's not a "dig" at Odoo, just shocked that more wasn't dropped in.
I will personally drop some cash late this week, before it ends. As it helps me feel more secure that Odoo on our server here is secure, other than the methods I put into place to reduce risks.
AFAIK, Odoo has already communicated widely on this topic (which doesn't mean they cannot do more).
Unfortunately, I think the timing is not ideal with all European decision makers on holidays...
Everybody is gonna wake up on Sept the first...
We really need the campaign to be successful: this is so basic requirements that I don't even understand this is only popping up now.
Every Odoo partner in the world should invest a reasonable 100 GBP and we would get the remaining funds...
On Sat, Jul 25, 2015, 12:46 Luke Branch <firstname.lastname@example.org> wrote:
Hi Alexandre and Stuart,
I'm just another odoo user, and not an Odoo partner or developer as such, but I have a feeling if you're able to send an email out to the Odoo mailing list (not this one, I meant the mass mailing/marketing list to users and partners, etc.), as well as post on your facebook and twitter pages, etc. to promote the campaign I think it would help get the word out about this campaign a great deal.
I think the successful campaigns you (Odoo SA) have run in the past (eg. themes campaign) were successful due to the marketing/advertising done in the build-up to the campaign, as well as the fact that they filled a need that everyone had for themes and a designers handbook for building themes. You also had a great deal of support from your partners for that campaign which I believe helped as well, and the campaign was held over a longer period from what I remember.
I'll be contributing what I can to the campaign before it finishes, however I think if you're able to rally the support of Odoo partners and users alike (as Odoo SA) I think this campaign has a better chance of being a success.
Is there any way to extend the campaign on Indiegogo after it's started? I think this kind of campaign needs to run for a few months in order to gain the kind of publicity/traction it needs to get a large enough number of users and partners to contribute to make it a success.Regards,
On Fri, Jul 24, 2015 at 6:08 PM, Alexandre Vandermeersch <email@example.com> wrote:
As a reminder, we at Odoo s.a. support this audit. That means a financial contribution and of course our commitment to examine the results of the audit and take any necessary action.
Your help is needed to make it happen! Please contribute on http://secure-erp.com
Le 24-07-15 11:25, Stuart J Mackintosh a écrit :
<blockquote cite="mid:55B1FD89.firstname.lastname@example.org" type="cite">
Dear Odoo community,
There are now just 8 days left until the Odoo security audit campaign finishes and the campaign is now 29% funded. It would be really valuable to get some more support for the community as a whole.
I have set up this crowd fund campaign up to enable us all to share the cost of this activity as a community, and all benefit from the result. I think this is the best opportunity to have a formal security audit of Odoo undertaken, so that support taking part will have the option of learning the true state of Odoo security and also have immediate issues discovered and addresses.
You can access the campaign on Indiegogo here: http://secure-erp.com. As a fixed-funded project, no funds will be taken unless we reach the target of £10,000.
I feel that it is sufficiently important that this gets done so in the spirit of community and openness, I have taken the initiative to get on with it rather than just lobby Odoo. We all benefit from an excellent software application so I do not feel that it is unfair to chip in to make this audit happen.
The project has received good press and social interactions, support from Odoo and lots of visitors and today Odoo showed their commitment by contributing to the project.
My team have discovered a further password issue in recent days affecting the SaaS which Odoo are currently considering, we do not know how many more of these issues exist, but as implementers of Odoo, we should all work to find out before the bad guys do.
If we and our customers are to use the web-connected features like the portal, email campaign module, web builder and others, whilst having our business information held in Odoo, we need this audit.
Please get involved. If you think that I can improve or alter the campaign, just let me know, I am keen to hear your ideas and work collaboratively.
Looking forward to your feedback.
PS If you do not want to contribute financially, you can still help by promoting the campaign through social media, tweets relating to the campaign can be found here: https://twitter.com/hashtag/secureerp?f=tweets Please use the hashtag #SecureERP
Stuart J Mackintosh
Director / Owner
-- Alexandre Vandermeersch +32 491 08 80 09Chief Marketing Officer, Odoo s.a.
CARLOS LIÉBANA ANERO
Director | factorlibre.com
+34 635 86 67 92