Security Issues

Does SuiteCRM implement security fixes that were patched in SugarCRM?

A new security article about SugarCRM came out yesterday that details some of the many SugarCRM security vulnerabilities. http://karmainsecurity.com/tales-of-sugarcrm-security-horrors

As a user of SuiteCRM, a number of security issues in SugarCRM are concerning as it is the base of SuiteCRM.

All security releases in SugarCRM CE are integrated into SuiteCRM, if not already fixed in SuiteCRM. Additionally, as highlighted in the article, issues SugarCRM did not fix or include in the CE version were independently fixed in SuiteCRM.

If you know of any security issues in SuiteCRM, you can email security@suitecrm.com

That linked article deserves a good deal of attention. Maybe even contact that guy, I’d love to see him contributing to SuiteCRM.

SuiteCRM looks good in the article; he says SuiteCRM fixed every reported vulnerability quickly, while SugarCRM CE either takes months or doesn’t fix at all.

I’d say this is worth mentioning to our Marketing guys, or worth posting on our Blog, although I’d warn not to boast too much, since this is about security, and with this code-base we could easily be ashamed tomorrow with some security problem turned sour.

Just show worry and commitment, explain the different treatment compared to SugarCRM CE, and say we need to make sure every security report gets full attention, and quickly.

And we have the requested post up on the blog now:

https://suitecrm.com/suitecrm/blog/entry/sugarcrm-end-of-life

Congratulations to Kevin Sharpe for the write-up, very nice.