Security Weekly
Application Security WeeklySubscribe
Application security, Security Strategy, Plan, Budget

Sustainable Funding of Open Source Tools – Simon Bennetts, Mark Curphey – ASW #282

How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec community motivated him to create Crash Override and help projects like ZAP gain the support they deserve.

Segment resources:

Full episode and show notes

Announcements

  • Security Weekly listeners save $100 on their RSA Conference 2024 Full Conference Pass! RSA Conference will take place May 6 to May 9 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac24 and use the code 54USECWEEKLY! We hope to see you there!

  • On the evening of Monday, May 6, 2024, W2 Communications and CyberRisk Alliance are bringing CYBERTACOS back to San Francisco! If eating FREE tacos, sipping on margaritas and mingling with cyber professionals from all over the world sounds good to you, make sure to register to secure your spot! Visit securityweekly.com/cybertacos to RSVP today!

Guests

Simon Bennetts
ZAP Project Lead at Software Security Project

Simon Bennetts is the Zed Attack Proxy (ZAP) Founder and Project Leader.
He has talked about and demonstrated ZAP at conferences all over the world, including Blackhat, JavaOne, FOSDEM and OWASP AppSec EU, USA & AsiaPac.
Prior to making the move into security he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them.

Mark Curphey
Founder and CMO at Crash Override

Mark Curphey is the co-founder and Chief Marketing Officer at Crash Override, a venture backed security startup founded in 2022 with John Viega. Prior to Crash Override he was the co-founder and CPO/CTO of Open Raven, a data classification company, founder and CEO of SourceClear (acquired by Veracode in 2018) the first pure play security software composition analysis company and led the MSDN subscription team at Microsoft.

In 2002 he founded the Open Web Application Security Project, the de facto online community dedicated to improving software security. He has Masters Degree in Information Security from Royal Holloway and Bedford New College, University of London.

He is currently advisor to the Software Security Project, a new appsec community that will be launched later in 2024.

Hosts

Tech Lead at Block
Senior Engineering Leader at AWS

Related