Security accountability question #2139
-
|
Hello, I'm an M365 collaboration consultant interested in using PnP Modern Search to solve an advanced SharePoint search use case with a client. Before they're willing to proceed, they're asking who is responsible/accountable in the case of a security breaches occurring as a result of deploying this open-source product. I'm not a security expert so thought I'd reach out for advice on this. Can anyone help me understand how the accountability would work in this scenario, or help me understand why this is or is not a concern with this particular product? Thanks, |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
You as the consultant bringing in the web part would be responsible. Or you have the customer audit the code and take ownership. As far as we know there are no known loop-holes in the codebase and the solution is widely used by enterprises. |
Beta Was this translation helpful? Give feedback.
-
|
As it is an open source solution and not a Microsoft product, we can't really guarantee at 100% there are no security issues as we rely on other dependencies that we don't control. However, the development is always made professionally taking into account security concerns and the solution is widely used worldwide by many companies for few years now. As the source is public, you can totally run your own security assessment tools like Snyk, SonarQube or others to evaluate internally and make the decision. |
Beta Was this translation helpful? Give feedback.
You as the consultant bringing in the web part would be responsible. Or you have the customer audit the code and take ownership. As far as we know there are no known loop-holes in the codebase and the solution is widely used by enterprises.