I'm wholeheartedly glad to hear it, Andres!
Wish you all the best @ Rapid7!
I couldn't appreciate more about how rapid7 supports and funds open-source
projects.
There are very few companies who know how open-source community helps a lot
in security scene.
Best Regards
Aung
On Wed, Jul 28, 2010 at 9:51 PM, Andres Riancho <andres.rian...@gmail.com>wrote:
> List,
>
> I have been passionate about the Web application security field for
> years which is why I developed w3af. Some have even it called it the
> “Metasploit” of Web application security. Over the last year or so, I
> have been thinking how I can personally help to raise the bar for Web
> application security even further and turn w3af into one of the
> leading open source security projects.
>
> I am therefore very excited that today I am announcing that Rapid7 is
> sponsoring the w3af project and that I will be joining Rapid7 as
> Director of Web security to spearhead Rapid7’s worldwide Center of
> Excellence (COE) for Web security. The first immediate result of the
> sponsorship is that I have already hired a first employee at the COE
> and will be looking to staff several other engineering positions here
> in Argentina.
>
> To be clear, Rapid7 is not acquiring w3af. I will keep the keep the
> project open source, with no plans to change the license or the
> community development model. What will be changing is how fast we
> integrate new features, and release new versions with Rapid7’s
> support. I will still be involved in w3af's development process with
> the classical role of project leader (or Benevolent Dictator For Life
> or BDFL as some like to call it), but with more time to design the
> heuristics and algorithms required to maintain the framework as a
> world class Web application security solution. By creating a COE and
> sponsoring w3af, Rapid7 will benefit from the extensive security
> research experience of w3af and use this to enhance its existing
> NeXpose product line.
>
> I am so excited about the sponsorship and me joining Rapid7 for a
> number of reasons.
>
> First, Rapid7 has proven that they understand the community and how
> the cross pollination between open source and commercial solutions can
> lead to exceptional results. Proof in point is the way Rapid7 has
> handled the Metasploit Project. It has created commercial versions on
> top of the open source framework while at the same time accelerating
> the value of the project. Since getting involved with Metasploit in
> October 2010, Rapid7 has funded a full-time development team for
> Metasploit and has released five versions of the open source
> framework.
>
> Second, Rapid7 has amazing products and technology. Rapid7 has been
> developing an amazing vulnerability management product in the market
> for 10 years and has now gained a leadership position in penetration
> testing with the support of Metasploit as well. What stood out
> particularly for me is what investment Rapid7 has already made in Web
> application security. NeXpose is the only vulnerability management
> solution that has scanning capabilities that address Web 2.0 and AJAX
> technologies. With this functionality as a baseline, I truly believe
> that the cross-pollination of w3af and Rapid7 NeXpose will lead to
> best in class Web application security technology in the near future.
>
> Lastly, w3af will only get better. It will remain free. Like with the
> Metasploit Framework, w3af will still be open source, which is the
> reason why it has been so successful. w3af's license and copyrights
> remain the same. What will change is that you will see a lot more
> support behind the project. As a matter of fact I am hiring right now
> so if you are a developer with Python skills and are good at Web
> application security, please contact me at andres_rian...@rapid7.com.
>
> Regards,
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
>
> ------------------------------------------------------------------------------
> The Palm PDK Hot Apps Program offers developers who use the
> Plug-In Development Kit to bring their C/C++ apps to Palm for a share
> of $1 Million in cash or HP Products. Visit us here for more details:
> http://p.sf.net/sfu/dev2dev-palm
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://p.sf.net/sfu/dev2dev-palm
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
