Hello, I want to provide RPA consulting services to companies with the OpenRPA tool. The first question that often comes from companies regarding this open-source RPA tool is whether it is reliable software. I believe in the reliability of the tool based on the comments I have seen on forums and YouTube, but I need to convince my clients on this matter as well. Could you provide me with some tips to convince my client about the security aspect of OpenRPA? Thank you very much.
In general, many people consider open source more secure than closed source, since more people can inspect the code and find issues. The reality is that this only holds true for projects with many users and contributors; there is so much code published on various sites that it would be impossible to check it all, so there is a degree of trust involved also.
For closed (and open) source solutions there are two things you can do to check this.
- One way is to get the code certified by official organisations, so for every major build you do, some external company reviews the code base. This is extremely expensive, and often focuses more on processes than on actually reading the code.
- Another way is to do security reviews and penetration tests on the software. I don’t know of any companies that have been looking into OpenRPA, but I can name a handful of companies (including government institutions and banks) that yearly or half-yearly have professional companies do security reviews and penetration tests on OpenFlow, and to this day, the most critical bug they found is an issue with how temporary passwords are generated.
But nothing in this world is 100% secure; you need to balance the time and money you want to put in versus how secure you want it. And also keep in mind, most security breaches come from social engineering, not software. Software issues are misused after they get in.
Thank you very much for your detailed explanation and quick reply.
You said that there are companies that perform security tests on OpenFlow. I would be very happy if you could name a few companies that perform these tests or use the product, to serve as a good example and reference for my customers.
I’m sorry, but I never give out information about companies using the product.
(Also, most of the names I have, no one really knows. Most of my paying customers are implementers: companies that use OpenFlow and/or OpenRPA at their customers. Those are the names people know and respect, but I doubt any of those would allow me to share end customer names.)
I have a copy of some of the review reports from 2 of my paying customers, but I’m under strict guidelines to not share them, so I cannot give you that either.
Thank you again for your explanatory answers and understanding.