Welcome!

Open Source Cloud Authors: Liz McMillan, Elizabeth White, Zakia Bouachraoui, Pat Romanski, Yeshim Deniz

Related Topics: Open Source Cloud, Cloud Security

Open Source Cloud: Article

Qualys Starts an Open Source WAF Project

IronBee open sourced, community under constuction

On Monday at the 2011 RSA Conference, Qualys announced that they were creating an open source Web Application Firewall (WAF) project. Companies create open source projects for a variety of reasons. Those reasons include attempts to commoditize a market, build a community, or dump a failing project. One way to understand which kind of open source announcement Qualys is making is to find out how they are investing in the project. If they are not allocating any resources to the new project, you can be sure this is the later kind of announcement, otherwise known as a “dump-and-run.” However, if a company has real people whose principal job is to work on this project in the open, then this project is for real. Communities do not build themselves any more, so trying to ascertain the level of “open source marketing” efforts can also shed light.

Several questions were sent to Qualys about this project, and here are the responses they sent. The responses were penned by Ivan Ristic, director of engineering at Qualys.

Q: Where did the name come from?

A: We spent a lot of time in looking for a good name for the project. Today, just having a reasonably unique name is difficult enough, but we also wanted something to represent the spirit of the project. We believe that the association with bees describes our intentions well, which is to build a community focused on mitigating application security issues.

Q: Why is Qualys doing this now?

A: Initially, the motivation came from our own need. We were looking to complement our current services with a real-time access control. There is an opportunity to integrate scanning with real-time mechanisms, combining the best of both world. Scanning is a pro-active activity that can be very deep and complements real-time monitoring which is continuous.

Q: Most companies open source a project when they want to a) commoditize a market or b) abandon a product but make the code available. Which one is it?

A: I don't believe it's either of those. We simply looked for the best possible approach to developing a complex product that needs to run in some very diverse environments. Only the involvement of a large community can deal with that diversity of environments. And only a liberal open source license can remove the barriers to wide adoption (including adoption in commercial environments, for example cloud and infrastructure providers).

Having said that, commoditization is likely to come as a byproduct of the approach. However, that will only change the playing field, moving it into a different direction. Because of the Apache 2 open source license, a high quality product such as IronBee will help everyone, not only Qualys.

Q: The INSTALL file says its not ready for users yet. When will it be?

A: We announced IronBee as early as practically possible, in the spirit of open source development. We with to involve others sooner rather than later. The first production ready release will be ready by the end of the year. Practically speaking, we expect to have a working product earlier than that.

Q: How many employees from Qualys will be working on this? Will they be full-time on this project?

A: The IronBee team currently consists of 3 employees, and we have 2 further positions open. With small distractions (on other projects, for example our SSL research), they will all work full time on IronBee.

Q: Will Qualys provide a community manager?

A: Yes, and we already have one -- Will Metcalf, a long-time open source contributor, is the community manager.

Q: How much will Qualys invest in "community development"? in USD.

A: I don't want to discuss the actual amount, but the size of the development team is a good starting point to estimate the size of the investment.

Based on these answers, it is safe to say that this is a real, serious project. Use of the Apache license shows that Qualys is serious about open-ness. The only concern is that the project is not fully functional at the moment, so open source developers should take a wait and see approach as to when this get to “release status”.

More Stories By Bill Roth

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.

IoT & Smart Cities Stories
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Scala Hosting is trusted by 50 000 customers from 120 countries and hosting 700 000+ websites. The company has local presence in the United States and Europe and runs an internal R&D department which focuses on changing the status quo in the web hosting industry. Imagine every website owner running their online business on a fully managed cloud VPS platform at an affordable price that's very close to the price of shared hosting. The efforts of the R&D department in the last 3 years made that pos...