Three years ago, we decided (together with a group of people) to create our own product that would not only be open but also unique and exceptional in our market. In fact, we started building the product for the Polish market, as well as for companies around the world, and that meant competing with companies such as Microsoft, Salesforce, Oracle, SugarCRM, and thousands of other companies with far larger budgets for marketing than we had for the entire company!

A lack of protection against CSRF is a risk: when a user visits a webpage (e.g. a forum), a hacker can make unauthorized changes in the user's CRM system, because the system is tricked into perceiving those actions as performed by the user and does not suspect the attack. This way hackers can execute any operation in the system, such as creating users, adding and modifying records, deleting data and much more.

Tuesday, 12 September 2017 07:12

Full disclosure of open source CRM systems

Our company introduces the principle of full disclosure for security bugs in open CRM systems. This will also apply to our company, which means that if an external audit company discovers any vulnerabilities, we will announce the details of every vulnerability and this information will be accessible to all. We believe that this approach will enforce appropriate practices not only among producers but also among providers and customers who need to follow appropriate security procedures. The times when everyone pretends that their system has no security flaws are slowly passing, and if producers still remain passive in the implementation of appropriate practices, it will be noticeable from week to week.

There are many tools available online that allow producers, providers, and customers to verify the current security status of an online system. Although CRM/ERP systems are not usually publicly available, demo versions can be easily accessed. We will try to explain security issues that are significant for every web system, especially for open source projects that can be adjusted to everyone's individual requirements, including those related to security.

Monday, 04 September 2017 07:10

SuiteCRM: very poor email handling

Every CRM system has email fields that are essential at every stage of customer service, because email is one of the most common ways of contacting companies and partners. Every company can easily determine the maximum number of fields it needs in a given functionality, e.g. 1-3 fields per contact are usually enough, and it is illogical to allow 20 email fields to be entered because that can cause many problems in organizing the contact database.
