Watchfire announced this week that it will take a page from the open source playbook by making some extended features its product platform public, as well as opening up the product to customers who want to develop their own plug-ins.One of the major players in the web application scanning market, Watchfire has built a community that is eager for more features and functions, said Michael Weider, founder and CTO of Watchfire.
"We have a backlog of hundreds of different features that customers have been asking for, and we just can’t get to them all," he said. "And some of them are just so niche that it might not make sense for us to do that, because they might not be generally applicable to every company that would use the product."
Because its customer base contains developers and security professionals who contribute to open source projects, Watchfire officials decided to provide APIs and a development tool for free to those who wanted to use them, said Weider.
"The feedback we got from our users was: one, that they wanted these different features. They wanted to be able to create them and they didn’t want to wait for us. Two, that these people are used to this in the security community and that there’s a huge community of very skilled technical people who want to innovate and collaborate and they are willing to share their work," he said. "So we thought it would be highly beneficial to foster that community."
Though the entire AppScan application code won’t be opened up, Weider said that Watchfire will make available all of the code for extensions created by Watchfire and its customers.
"We’re also going to be open sourcing all of the code for all of the extensions that we develop, or our customers develop, on Google code," he said. "The rationale is that by open-sourcing them, people can look at the code and extend them further, and also to learn how to create their own extensions."
As extensions are developed, they will be distributed for free on the Watchfire website.