I've been investigating several library software solutions and I have some
serious concerns - ability to access restricted content/pages, ability to
inject content into pages, ability to perform CSFRs, etc... Those examples
and others I've not shared raise concern for me. I'm coming from three
different perspectives: protection of user and system/solution stored data,
the ability to use the system/solution to exploit the organization, and the
ability to use the system/solution to infect user devices.
Is there a focus group within C4L that discusses and investigates such
matters? I've been doing investigations and research on my own, and I would
be interested in working with others.