SilverStripe Forums » General Questions » How secure is SilverStripe?

  • dizzystuff
    Community Member
    93 Posts

    How secure is SilverStripe?

    Hey All

    I've got a new day job and I'll be overseeing a rewrite and expansion of the existing web infrastructure for the business. I'm keenly showcasing SS as the right tool for this job; one of the final objections/questions I've got is how secure is SilverStripe/sapphire core.

    With all standard disclaimers of code/server being as secure as the dev/admin who sets it all up, is there a solid review of security in SilverStripe/Sapphire that I can head towards? A third party review even better?

    It's great to show the consistent comments from the core dev team all around the web on various blogs and corresponding security and point releases.

    Can you point me towards a good solid review of SS in/security and/or provide me with a quick list of points to assist me in winning over this discussion and the boss man himself?

    Thanks in advance guys
    dizzy

  • Willr
    Forum Moderator
    5464 Posts

    Re: How secure is SilverStripe?

    We don't really publish security audits but the core devs are aware when audits do occur. Most of the current audits include specific project work as well so not really suitable for public release. I'll track down to see if we have a sapphire audit available.

    In terms of Security issues there is a dedicated security@silverstripe.org setup which emails the core developers instantly so they can keep tabs on everything. Issues are normally patched ASAP to the affected branch(es), releases take a little bit longer to prepare but normally updates are available within the week. You can see http://secunia.com/advisories/search/?search=SilverStripe for a list of issues that have been reported.

    2.4.4 has the latest security patches so make sure you update!

  • Ingo
    Forum Moderator
    801 Posts

    Re: How secure is SilverStripe?

    I'm aware of three code audits commissioned by clients since 2.4.0, so we've got a lot of eyes on the product at least.
    I don't think you'll find a "security review" as such, I hope that any security issues would be confidentially reported to us rather than blogged as a review.

  • dizzystuff
    Community Member
    93 Posts

    Re: How secure is SilverStripe?

    Hi Guys

    Apologies for not getting back to you after you took the time to reply. With the new year and getting stuck into the day to day in Jan we only got back to this this week.

    Good news is we're pushing ahead with SilverStripe/Sapphire for this project. Your replies and links were a great help.

    Thanks
    dizzystuff
