Re: Potential Security Risks in OpenSource LMS environments

[Kees Leune <LEUNE () ADELPHI EDU>]

> > > On 7/14/2009 at 5:26 PM, in message
<OFCA6EF495.D93D6FB8-ON852575F3.0075B517-852575F3.0075F0F5 () american edu>, Cathy
Hubbs <hubbs () AMERICAN EDU> wrote:
> In thinking about the move toward Open Source Learning Management Systems 
> (i.e., Moodle, Sakai, ATutor, etc., etc.) from Blackboard...
>
> Has anyone encountered or addressed potential security risks/concerns that 
> may be more prevalent in the Open Source LMS environment vs the COT LMS?
>
> 1. Timeliness of Patch Deployment


We have just completed the transition from Blackboard to Moodle and we have been very happy with it. The few times that 
vulnerabilities were discovered, they were patched very quickly.


> 2. More difficulty protecting data stores  (i.e., distributed, the potential for DBs on individual Faculty 
> workstation)


I do not see how Moodle vs. Blackboard would be different in that--- all data resides on the server; faculty members 
can always make local copies of the information to which they have access, but that is true for Blackboard also. Our 
general experience is that we have less downtime with Blackboard than we have with Moodle and that Faculty, Students 
and Administration are happier with it than they were with Blackboard. Moodle has been tied in to our authentication 
infrastructure, and very detailed logging has helped me in investigations in the past.

Hope this helps,

Kees
-- 

Dr. Kees Leune 
Information Security Officer
Adelphi University
Garden City, NY 
+1 (516) 877-3936