This security cloud will quickly pass. Let us know as soon as the fix is published. We’ll do what we can to help get the word out.

—
Response To The French Ministry of Defence Report Leak

2006-07-20

There has been comment in the media about a report on a French language website: “Le ministère de la Défense met OpenOffice à l’index”

The ZDNet article claims to describe the proceedings of a confidential meeting within the French public administration. It is not appropriate for the OpenOffice.org community to comment on a leak from a private meeting. However, one of the people mentioned in the article, Eric Filiol, has posted two replies to the online article clarifying the purpose of the research and correcting some of the incorrect conclusions in the original article.

The OpenOffice.org office suite is being widely adopted within the French public administration, and the OpenOffice.org community has been working closely with the departments involved. OpenOffice.org is pleased that its source code is being scrutinised by the most important and respected department of security in France.

If security vulnerabilities are suspected, there is a well defined procedure within the IT industry for reporting, analysing, and resolving any issues, which aims to minimise any public announcement (and the resulting creation of exploits) until fixes are available.

The OpenOffice.org community confirms it regards security as of the highest importance and will react immediately to any security issues reported by the French public adminstration or other competent bodies or individuals.

-The OpenOffice.org Team
—

That’s just wrong!
By default, OpenOffice asks confirmation for running untrusted macros, and there’s NO trusted source by default.

Please check your facts before asserting such things.