Hi all,

 

Sending this first to the dev list, and might send to the general list depending on responses.

 

Has anyone in the Koha community commissioned an external independent security audit of Koha? I know people do their own pen testing and security audits, but has anyone paid for an external independent firm to certify Koha?

 

Apologies for the vagueness. I’m asking this question on behalf of someone else. I don’t think it’s a source code audit (like has been done for open source encryption software like TrueCrypt). Rather, I think it’s an audit of an implemented Koha. Of course, any audit of an implementation would be implementation specific, so I’m not quite sure of the intentions behind the original question, but there you have it.

 

David Cook

Systems Librarian

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007

Australia

 

Office: 02 9212 0899

Direct: 02 8005 0595