How Secure is Open-Source CRM?

Updated: December 26, 2007

Issue


You're right to worry about the security of your CRM software. It holds every bit of information you have about your customers, including their financial details. It would be a disaster if the wrong people got their hands on this data, so the software must be as secure as possible.

Some people have raised questions about the security of open-source software in general. How can software be secure if anyone at all can read its source code to hunt for security holes?

How secure can software be when it is written by hundreds of loosely connected, part-time programmers?


Analysis


It is true that attackers can examine open-source code as well as anyone else. But so can the open-source community, which consists of people who either use the software themselves or work for enterprises that rely on it. Many security researchers scrutinize popular open-source software, especially when a new version is released. In well-maintained projects, reported holes are typically fixed quickly, sometimes within a day.

As for sloppy code, the open-source process discourages it. Code must be written to certain standards if it is to be read, understood and enhanced by dozens or hundreds of other people, and contributions that fall short are usually rejected in review before they are merged. When a rough patch of code does make it into an open-source package, the community works to smooth it out. This review process is how many security vulnerabilities are caught and eliminated.

This is not to say that all open-source CRM software is perfectly secure. In fact, most intruders gain entry to a system not through some flaw in its code but through "social engineering": sweet-talking someone into giving up the keys to the kingdom. What limits the damage a compromised account can do is role-based security, which restricts a user's access based on the role he plays in the enterprise, and many open-source CRM packages lack it. There is no need for a sales rep to have access to payroll data, for instance; if the rep's password is talked out of him, a role-limited account exposes only what a sales rep can see.
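The role-based check described above, written out as an added example (constructed for this article, not code from any CRM package). The role names, permission strings, sample users and the payroll and contact records are all assumptions made for the illustration. The point it shows is the deny-by-default shape: a role grants exactly the permissions listed for it, an unknown role grants nothing, and every data operation is gated by one named permission, so a sales rep's account cannot reach payroll records however it was obtained.

```python
"""Minimal role-based access control for a CRM.

Constructed example for illustration; not taken from any real CRM product.
Roles, permission names, users and records are assumptions for this demo.
"""
from __future__ import annotations

from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised when a user lacks the permission an operation requires."""


# Permission strings are "<resource>:<action>". A role grants exactly the set
# listed here; anything not listed is denied (deny by default).
ROLE_PERMISSIONS: dict[str, frozenset[str]] = {
    "sales_rep": frozenset({
        "contact:read", "contact:write",
        "opportunity:read", "opportunity:write",
    }),
    "finance": frozenset({
        "contact:read",
        "invoice:read", "invoice:write",
        "payroll:read",
    }),
    "hr": frozenset({"payroll:read", "payroll:write"}),
    "admin": frozenset({"user:read", "user:write", "role:assign"}),
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset[str]


def permissions_for(user: User) -> frozenset[str]:
    """Union of the permissions of every role the user holds.

    A role that is not in ROLE_PERMISSIONS (a typo, or a role later removed
    from the table) contributes nothing, so the check fails closed.
    """
    granted: set[str] = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(granted)


def is_allowed(user: User, permission: str) -> bool:
    return permission in permissions_for(user)


def require(user: User, permission: str) -> None:
    """Gate for a CRM operation: raise unless the user holds the permission."""
    if not is_allowed(user, permission):
        raise AccessDenied(f"{user.name} lacks {permission}")


# Constructed sample records standing in for the CRM's database.
PAYROLL = {"alice": 85000, "bob": 72000}
CONTACTS = {"acme": {"email": "buyer@acme.example", "card_last4": "4242"}}


def view_payroll(actor: User) -> dict[str, int]:
    require(actor, "payroll:read")
    return dict(PAYROLL)


def view_contact(actor: User, key: str) -> dict[str, str]:
    require(actor, "contact:read")
    return dict(CONTACTS[key])


def attempt(actor: User, action) -> str:
    """Run one gated operation and report whether it was allowed or denied."""
    try:
        action(actor)
        return "allowed"
    except AccessDenied:
        return "denied"


if __name__ == "__main__":
    rep = User("carol", frozenset({"sales_rep"}))
    clerk = User("dave", frozenset({"hr"}))
    outsider = User("eve", frozenset({"contractor"}))  # role not in the table

    print("sales rep -> payroll:", attempt(rep, view_payroll))
    print("sales rep -> contact:", attempt(rep, lambda u: view_contact(u, "acme")))
    print("hr -> payroll:", attempt(clerk, view_payroll))
    print("unknown role -> contact:", attempt(outsider, lambda u: view_contact(u, "acme")))
```

The check sits inside each data operation rather than in the user interface, so a user who finds an unlinked page or calls the operation directly still hits the same gate. In a real CRM the role table would live in configuration or the database, and the permission names would map onto the product's own resources; the deny-by-default structure is what carries over.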

Nor is it safe to say that proprietary, closed software is less secure than an open-source CRM solution. It is programming practice that makes software secure. If you keep your eyes open for potential security holes while developing software, you will find and close many of them. It is just as possible to create a culture of security consciousness at a private enterprise as it is in an open-source community.


Conclusion


The security of an established, widely supported, open-source CRM application is probably at least as good as the security of a commercial application. It is likely that patches for any discovered security holes will be issued very quickly. And it's comforting to know that hundreds of eyes are scanning the code, looking for potential problems to fix.


For more information on open source CRM, check out Focus' Buyer's Checklist: Open Source CRM and this related brief.
