I've been investigating several library software solutions and I have some serious concerns - ability to access restricted content/pages, ability to inject content into pages, ability to perform CSFRs, etc... Those examples and others I've not shared raise concern for me. I'm coming from three different perspectives: protection of user and system/solution stored data, the ability to use the system/solution to exploit the organization, and the ability to use the system/solution to infect user devices. Is there a focus group within C4L that discusses and investigates such matters? I've been doing investigations and research on my own, and I would be interested in working with others. V/R Erin