Security is very important to us, and here is a summary of what we do to guarantee that your data is safe with Instant-ERP and that we apply the best practices on the hosted version, Instant-ERP Online.
The Instant-ERP Online servers are hosted in several data centers worldwide, that must all satisfy with our minimum physical security criterions:
Odoo is open source, so the whole codebase is continuously under examination by Odoo users and contributors worldwide. Community bug reports are therefore one important source of feedback regarding security. We encourage developers to audit the code and report security issues.
The Odoo R&D processes have code review steps that include a security check for all new and contributed pieces of code.
Many customers have conducted independent code audits and performed penetration tests, and all the findings have been taken into consideration. The results can only be disclosed by the respective customers, though.
Odoo is designed in a way that prevents the most common types of security issues:
OWASP Top Security Issues
Here is where Odoo stands on the top security issue for web application, as listed by the Open Web Application Security Project:
If you need to report a security vulnerability, please head over to our responsible disclosure page. These reports are treated with high priority, the problem is immediately assessed and solved by the Instant-ERP security team, in collaboration with the reporter, and then disclosed in a responsible manner to our customer and users.