PRESS RELEASE
Release date: 6th July 2015
Global crowdfunding campaign launched
for Open Source security testing
At a time when IT security has never been higher on the business agenda, a key figure in the Open Source Software community is hoping to put the world’s fastest growing Open Source Enterprise Resource Planning Solution (ERP), Odoo, through a full network security penetration test after launching a global crowdfunding campaign.
Stuart J Mackintosh, who previously supported the UK Cabinet Office on its Open Source and standards strategy, hopes to raise up to £25,000 with the campaign, and has pledged to use all monies raised on investigating the security of Odoo to aid future development of the software. Mackintosh has said that even if he does not reach his crowdfunding target amount, he will still use any money raised to enhance the security of the popular ERP software.
NCC Group, a global information assurance specialist which has one of the world’s largest and most experienced penetration testing teams, will conduct the security testing. The plan is to raise enough money to facilitate NCC Group to provide independent verification, a report and analysis of the security risks in Odoo illustrating any weaknesses in the application that could be exploited, and to perform a thorough and comprehensive penetration test covering policy, procedure, and design of the software. Such a test would be the first time Odoo, one of the most widely used ERP applications in the world, has been subject to formal stringent security testing and Mackintosh said that this project will not just have ramifications on the Open Source market, but on the wider software world as well.
He explained: “Odoo already has the potential to be one of the most secure ERP systems available, because it is designed with Internet best practices so sets the security bar at web standard, rather than at ERP standard. Many proprietary ERP systems are built on pre-internet frameworks and were designed to be accessed internally, not hosted on the cloud or exposed to the hostile Internet, and this is where security issues become serious.
“We all know the ERP marketplace is not 100% secure but Odoo has the opportunity to become the most secure ERP secure globally if this campaign is successful. Odoo is the only contender in the marketplace to be both secure and functional and not only could this campaign ensure that, but, more importantly, it raises the issue of security for the wider ERP world and asks other vendors what steps they will take to make their systems more secure.”
Stuart J Mackintosh has also enlisted the support of one of the first UK integrators of Odoo, OpusVL, a company that will work together with NCC Group to carry out the security audit. OpusVL has previous experience working with NCC Group after commissioning the organisation to carry out tests on its Flexibase product, used by financial and retail customers.
The crowdfunding campaign is already live on Indiegogo and Mackintosh is urging everyone, not just the Open Source community, to get behind the initiative.
“If Odoo was not an Open Source product, a campaign such as this would not be possible and we would not be so empowered to resolve any security issues that the report identifies,” he said.
“But this is about more than giving Odoo users a more secure ERP solution, it’s about making an investment into the future security of the wider ERP industry. It’s a chance for all software users to support another market option maturing and put pressure on their vendors for enhanced security. With the UK government and healthcare sectors committing to an Open Source future, it is essential that we can validate that this is a more secure option than any other alternative.”
- Ends -
About Stuart J Mackintosh
Stuart J Mackintosh is an active figure in the Open Source
community and entered the computer industry through his electronics background;
early roles including the repair of IBM-compatible PC systems and working with
Amstrad PC systems. After moving into software in the mid-90s, he was
responsible for network architecture and diagnosis. This was followed by the
creation of a successful and industry-leading e-commerce solution.
In the late 90’s, Stuart prototyped and developed numerous systems that are only now being widely used in the marketplace, including visitor analytics, journey logging, meta data searching, card payment integration, high performance/high availability systems and virtualisation technology.
About NCC Group
NCC Group is a global information assurance specialist,
passionate about making the Internet safer and revolutionising the way in which
organisations think about cyber security. Through an unrivalled and unique
range of services, the company provides organisations across the world with
freedom from doubt that their most important assets are protected and
operational at all times.
Listed on the London Stock Exchange, NCC Group is a trusted advisor to more than 15,000 clients worldwide. Headquartered in Manchester, UK, NCC Group has over 20 offices across the world and employs over 1,000 specialists in information security, assurance and technology.
CC Group delivers security consulting, software escrow and verification, website performance, software testing and domain services. https://www.nccgroup.trust
About Opus VL
Established
in 1999, OpusVL are a leading Open Source specialist implementer and the
primary UK Odoo integration partner. The company works with businesses in both
the private and public sectors, implementing business management systems and
associated services.
For further information,
please contact:-
Editorial –John Edden, Bridge PR
& Media Services on 024 76 520025, or e-mail john@bridgepr.co.uk.