[Koha] External Independent Security Audit of Koha

dcook at prosentient.com.au dcook at prosentient.com.au
Thu Jan 30 12:33:53 NZDT 2020

Hi all,


Fred King's email about using Koha in a Protected Health network reminded me
of a question I wanted to pose around the world. Has anyone commissioned an
external independent security audit of Koha? That is to say, a security
audit from someone other than a Koha support vendor? 


If so, would they be willing to share the results with other Koha libraries?
For instance, in Fred's case, he could refer his IT department to those
results, so they could use it in their risk management analysis. (Of course,
I think it would be important to note that security depends a lot on the
implementation itself, the version of the Koha software, and so on. So one
security audit report would not cover all implementations world-wide, but it
could be a useful starting point.)


I know that I've had IT departments interested in these third-party external
independent security audits, so I imagine this is actually a common request
that a lot of Koha users around the world are probably facing. 


David Cook

Systems Librarian

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007



Office: 02 9212 0899

Direct: 02 8005 0595


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <https://lists.katipo.co.nz/pipermail/koha/attachments/20200130/c391078a/attachment.sig>

More information about the Koha mailing list