Posted by
BJ Freeman on
Mar 06, 2006; 5:44pm
URL: http://ofbiz.116.s1.nabble.com/Users-OFBiz-application-security-tp137781p137783.html
I am saying this more so you can form you responses to the competitor.
There are many levels of security.
since ofbiz is a work in progress doing a security audit, like laid out
in Visa's PCI Compliance relative to securing CC information, would be
very costly. if you do a Google search you will find those that do this.
here is one
http://www.scanalert.com/Content.sa?sec=4&sub=2So you can have the audit on the instance of the ofbiz you are providing
your client, and will have to provide an audit every time you make
changes to the code.
Next if they bring up that they used a demo to evaluate the security,
Then you can query if they used the Configuration manual provided by
ofbiz before the evaluation.
Merrill, Robert sent the following on 3/6/06 7:24 AM:
> Hey all,
>
> We have an OFBiz-based proposal out to a client, and a competitor has
> challenged it, saying that "OFBiz is not secure" compared to their
> offering.
>
> Our proposal is going to the client's board in the next few days, and
> our contact at the client wants to know what to tell them.
>
> Has anyone done a security audit or review of OFBiz, or, better yet, had
> one done by a third party?
>
> What else can truthfully be said about OFBiz application security?
>
> Thanks!
>
> Robert
>
> Robert Merrill
>
[hidden email]
> www.berbee.com
>
> _______________________________________________
> Users mailing list
>
[hidden email]
>
http://lists.ofbiz.org/mailman/listinfo/users>
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users