[Zope] Zope 2.8.x and python security audit
Andreas Jung
lists at andreas-jung.com
Fri Jan 27 03:42:26 EST 2006
--On 27. Januar 2006 09:38:12 +0100 Sven Deichmann <deichmann at werkbank.com>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Oh well... no news is not always good news. I could also mean that PHP
> is much more popular and under more surveillance while python is only
> good known to professional crackers...
>
> The problem is, that in this usecase we won't be able to use Zope if
> there is no official, independent security certificate for it.
>
> Which could lead to such a certificate for Zope, but more likely to a
> commercial CMS for which a certificate exists.
>
> We are talking about a pharmaceutical company that is bound to
> international regulations regarding software systems in such companies.
> Especially all Interface functions have to be tested with every possible
> input.
>
Then forget about Zope 2 and look at Z3. Zope 3 is currently on the way to
be certified for the Common Criteria (hope this is the official name). You
should look through the zope3-dev mailinglist archive for details.
-aj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20060127/7955c5a3/attachment.bin
More information about the Zope
mailing list