FrontAccountingERP / FA

Official FrontAccounting mirror repository

Created A strong Software Policy for FrontAccounting.com #34

Open order4adwriter opened 6 years ago

order4adwriter commented 6 years ago

I noticed that the FrontAccounting ERP website has no software security policy ... especially as it concerns the security and use of key financial information as entered within the software application by prospective clients.

As a copywriter and a marketing expert, I know that having a clear-cut policy will surely boost the reputation and marketing/expansion plans of frontaccounting.com as a trusted ERP accounting service provider.

This is especially as it is an open source application and let's face it, not many people out there would be keen to put their key company or business data at risk by revealing any details about their private or business information on an open source accounting software website with a sizable number of external developers, coders and contributors with no clearly stated software security policy.

So, I have taken the liberty to use my copywriting skills and crafted a well-written, strongly worded and assertive Software Policy for use on the FrontAccounting.com Software Security Policy page when completed.

Please feel free to read it here.

I hope the software policy page will be set up soon.... as I believe this one written by me will make great marketing and sales copy for the website as well.

Note: all constructive critiques or observations are welcome

apmuthu commented 6 years ago

Will having such a policy bring upon the project unintended warranties implied or otherwise?

As there is nothing to sell and each user can harden their installations from within FA (additional captcha, checking internal logs and acting on them, etc) and from outside it (firewalls, routing permissions, etc), the use case for such a document will probably be for those who want to make commercial services around it. In fact quite a few are using it commercially and some shamefully not even giving credit to the project and not contributing their fixes back to the project either. Donations are scarce too.

Since the law is different in different places, the project should not undertake to "comply" with all such whims and fancies of every government in place. This software is only a skeleton which end users can mould to suit their needs and be responsible for it.

The project relies primarily on insecure MD5 hash of passwords, unsalted. Each user will tweak this to secure their installs, though many use it to teach Accounting where it may not matter.

"User Beware" is the best way forward in my opinion. Let each end user take appropriate counsel and considered expertise before venturing into FA.

The Policy is attached herein and it is better to place it in markdown syntax in the GitHub Wiki herein.

Certainly a very nice effort and hopefully some "Consultants" may seek your professional copy-writing skills for FA and other products / services they may have on offer!

FrontAccounting Software Security Policy full.docx

order4adwriter commented 6 years ago

A user beware policy instead...

Yeah that sounds much more appropriate in this instance I guess.

Creating it now... will post it on the GitHub repository as a pull request for your perusal and approval when it's done.

On Fri, Mar 16, 2018 at 11:17 AM, Ap.Muthu notifications@github.com wrote:

Will having such a policy bring upon the project unintended warranties implied or otherwise?

As there is nothing to sell and each user can harden their installations from within FA (additional captcha, checking internal logs and acting on them, etc) and from outside it (firewalls, routing permissions, etc), the use case for such a document will probably be for those who want to make commercial services around it. In fact quite a few are using it commercially and some shamefully not even giving credit to the project and not contributing their fixes back to the project either. Donations are scarce too.

Since the law is different in different places, the project should not undertake to "comply" with all such whims and fancies of every government in place. This software is only a skeleton which end users can mould to suit their needs and be responsible for it.

The project relies primarily on insecure MD5 hash of passwords, unsalted. Each user will tweak this to secure their installs, though many use it to teach Accounting where it may not matter.

"User Beware" is the best way forward in my opinion. Let each end user take appropriate counsel and considered expertise before venturing into FA.

FrontAccounting Software Security Policy full.docx https://github.com/FrontAccountingERP/FA/files/1818809/FrontAccounting.Software.Security.Policy.full.docx
