Security Policy & Standards
USA Odoo is open source, so the whole codebase is continuously under examination by USA Odoo users and contributors worldwide. There are three approaches we use to audit our code continuously:
- Community bug reports are one important source of feedback regarding security. We encourage developers to audit the code and report security issues.
- The USA Odoo R&D continuous integration system has code review steps that include a security check for all new and contributed pieces of code.
- Many customers have conducted independent code audits and performed penetration tests, and all the findings have been taken into consideration.
USA Odoo is designed in a way that prevents the most common types of security issues:
- SQL injections are prevented by the use of a higher-level API that does not require manual SQL queries.
- XSS attacks are prevented by the use of a high-level templating system that automatically escapes all data being rendered.
- The framework prevents RPC access to private methods, making it harder to introduce exploitable vulnerabilities.
The safety of USA Odoo systems is very important to us (not only because we use USA Odoo internally), and we consider security problems with the highest priority. We do our best every day to protect USA Odoo users from known security threats, and we welcome all reports of security vulnerabilities discovered by our users and contributors.
Open Source Integrators’ implementation approach to USA Odoo builds on this success, and ensures that customer roles and access rules are properly mapped and tested. Our team has certifications in ITIL.
Conclusion
Open Source Integrators’ highly skilled Odoo experts are dedicated to securing your open source software and providing a unique competitive advantage to harness your full potential.