Performance and security

Hi,
I am wanting to compare SuiteCRM as a CRM option for a business and need some information to support its use.

Does anyone know of any information pertaining to, or have experience with:

  1. How secure is SuiteCRM? Has any penetration testing been performed against it, or is there any evidence or metrics for this?
  2. How scalable is it? Has any load testing been performed against it, and does anyone know what sort of level of use it can take? I know this varies dependent upon hardware, etc., but any useful benchmarks or examples or articles would be helpful.

Thanks

I don’t really have much to say here, but since nobody answered, here are my 2 cents on this:

You should be ok both with performance and security, but you won’t find much “scientific” evidence of this.

Basically, the product is mature and used in thousands of real-life corporate installations. The project is active and security fixes get quick attention. The project is open source and I do think the “many eyeballs” theory applies here as a positive reason to hope errors are seen.

But I don’t think there is any penetration testing or formal certification. And some of the code is old and has defects that are a cause for worry. Just maybe you won’t find any other project this big, this functional, and this free, that doesn’t have the same kind of issues. You can always contribute fixes if it is important for you.

In terms of performance, there are installations with hundreds of seats. You can scale up the hardware and you can easily split the database and the web server into two different servers. But there is no built-in load-balancing to go above that. If you share the approximate size of your intended installation, maybe other people can chime in with their experience. Again, I don’t think you’ll find any “science” here (official benchmarks or articles on this).