Taras,

On Wed, Jul 28, 2010 at 2:22 PM, Taras <ox...@oxdef.info> wrote:
> Hi, Andres!
>
> My congratulations!
> It was of course a surprise... it looks like my question is absent from your
> FAQ =) How will it impact us (contributors and testers of w3af)?

    Contributors and testers will only see improvements in their work,
as the new full time developer will be working mostly in the core
performance and stability. In the beginning Javier will work on
various sections of the code, but after his initial induction to the
code, he'll work most of the time on improving the core, making the
life of plugin developers easier as new core features simplify that
process.

> How will the SDL and development process be changed?

    Javier and I have been working on the w3af wiki for a while. He
wrote the pydev setup howto, while I just finished the software
development process that can be found at the bottom of this page[0].
What do you think about the development process I proposed?
How could we improve it?

[0] https://sourceforge.net/apps/trac/w3af/wiki/developers-guide

>
> On 07/28/2010 07:21 PM, Andres Riancho wrote:
>> List,
>>
>> I have been passionate about the Web application security field for
>> years which is why I developed w3af. Some have even called it the
>> “Metasploit” of Web application security. Over the last year or so, I
>> have been thinking how I can personally help to raise the bar for Web
>> application security even further and turn w3af into one of the
>> leading open source security projects.
>>
>> I am therefore very excited that today I am announcing that Rapid7 is
>> sponsoring the w3af project and that I will be joining Rapid7 as
>> Director of Web security to spearhead Rapid7’s worldwide Center of
>> Excellence (COE) for Web security. The first immediate result of the
>> sponsorship is that I have already hired a first employee at the COE
>> and will be looking to staff several other engineering positions here
>> in Argentina.
>>
>> To be clear, Rapid7 is not acquiring w3af. I will keep the
>> project open source, with no plans to change the license or the
>> community development model. What will be changing is how fast we
>> integrate new features, and release new versions with Rapid7’s
>> support. I will still be involved in w3af's development process with
>> the classical role of project leader (or Benevolent Dictator For Life
>> or BDFL as some like to call it), but with more time to design the
>> heuristics and algorithms required to maintain the framework as a
>> world class Web application security solution. By creating a COE and
>> sponsoring w3af, Rapid7 will benefit from the extensive security
>> research experience of w3af and use this to enhance its existing
>> NeXpose product line.
>>
>> I am so excited about the sponsorship and me joining Rapid7 for a
>> number of reasons.
>>
>> First, Rapid7 has proven that they understand the community and how
>> the cross pollination between open source and commercial solutions can
>> lead to exceptional results. Proof in point is the way Rapid7 has
>> handled the Metasploit Project. It has created commercial versions on
>> top of the open source framework while at the same time accelerating
>> the value of the project. Since getting involved with Metasploit in
>> October 2010, Rapid7 has funded a full-time development team for
>> Metasploit and has released five versions of the open source
>> framework.
>>
>> Second, Rapid7 has amazing products and technology. Rapid7 has been
>> developing an amazing vulnerability management product in the market
>> for 10 years and has now gained a leadership position in penetration
>> testing with the support of Metasploit as well. What stood out
>> particularly for me is what investment Rapid7 has already made in Web
>> application security. NeXpose is the only vulnerability management
>> solution that has scanning capabilities that address Web 2.0 and AJAX
>> technologies. With this functionality as a baseline, I truly believe
>> that the cross-pollination of w3af and Rapid7 NeXpose will lead to
>> best in class Web application security technology in the near future.
>>
>> Lastly, w3af will only get better. It will remain free. Like with the
>> Metasploit Framework, w3af will still be open source, which is the
>> reason why it has been so successful. w3af's license and copyrights
>> remain the same. What will change is that you will see a lot more
>> support behind the project. As a matter of fact I am hiring right now
>> so if you are a developer with Python skills and are good at Web
>> application security, please contact me at andres_rian...@rapid7.com.
>>
>> Regards,
>
>
> --
> Taras
> http://oxdef.info
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop