Security Assessment for iDempiere (possible crowdfunding)


Carlos Antonio Ruiz Gómez

Nov 13, 2014, 11:34:05 AM
to idem...@googlegroups.com
Hi community, today I received an email from https://www.securifylabs.com/

As I understood they can offer a security assessment for the project based on crowdfunding.

I'm notifying the originator of the email about this thread, so I hope he can clarify better the scope of this.

But my main intention opening this thread is to see if there is interest in the community about this initiative.

Regards,

Carlos Ruiz

Zeeshan Hasan

Nov 13, 2014, 12:26:23 PM
to idem...@googlegroups.com
Any idea of what this service would cost?

sko...@securifylabs.com

Nov 13, 2014, 12:27:41 PM
to idem...@googlegroups.com
Hello Everyone,

Thanks a lot Carlos for the introduction and very excited to be in a position to help out.

SecurifyLabs uses a unique crowd-funding approach to make high-assurance code security available for open-source projects, at no cost to the community. SecurifyLabs opens the door for sponsors to get involved by contributing funds to the campaign; in return, sponsors receive periodic environment scanning for the server hosting iDempiere for things like: outdated software packages, unnecessarily open ports, weak SSL/TLS algorithms, etc. This guarantees that iDempiere as well as the environment hosting it are both secure.

When sponsors sign up for our packages, we start unlocking increasingly valuable support packages for iDempiere's community for free, for example security code review, remediation support, training, etc. The image below shows the depth of our code review process and the amount of scrutiny and manual effort that goes into it.

We report the vulnerabilities we find confidentially to iDempiere in a prioritized and actionable format, to be fixed per your schedule as a community with no CVEs or public disclosures whatsoever. This is because our goal is to find a sustainable way to provide open-source projects with quality and inclusive security help.

Some of the projects we worked with are: Tiki Wiki CMS Groupware (www.tiki.org) and BigBlueButton (www.bigbluebutton.org).

I think this covers most of the benefits of our solution and how we can benefit iDempiere's community and prep the code for the cyber security test. I'd be happy to answer any questions, thoughts or comments.

Regards,
Sherif Koussa

sko...@securifylabs.com

Nov 13, 2014, 12:44:44 PM
to idem...@googlegroups.com
Hi Zeeshan,

We have 3 corporate packages:
* Starter: Sponsors receive 1 scan/year and a curated report - $3000/year
* Professional: Sponsors receive 4 scans/year and a curated report - $6000/year
* Premium: Sponsors receive 12 scans/year and a curated report - $10000/year

We also have a community package:
* Community: Sponsor receives a curated report - any amount above $500

I am in the process of designing a campaign for iDempiere, which will decide how many sponsors we need to unlock each package.

Regards,
Sherif Koussa

sko...@securifylabs.com

Nov 13, 2014, 1:15:08 PM
to idem...@googlegroups.com
Hi Zeeshan,

We have 3 corporate packages:
1. Starter: sponsors receive one environment scan + curated report - $3000/year
2. Professional: sponsors receive quarterly environment scans + curated report - $6000/year
3. Premium: sponsors receive monthly environment scans + curated report - $10000/year

We also have a community package, where sponsors would contribute any amount above $500 and they would receive a curated report.

Regards,
Sherif

On Thursday, November 13, 2014 12:26:23 PM UTC-5, Zeeshan Hasan wrote: