Simon Bennetts, Creator & Lead Maintainer of OWASP ZAP Joins Jit
Published November 21, 2023.
This is an extremely exciting day for Jit, and for the open source security world, as we join forces with one of the legends in open source security development––Simon Bennetts.
Simon, the creator, maintainer, and life force behind one of the most popular open source security tools, OWASP ZAP (Zed Attack Proxy) - will be joining the team to help drive the company’s open source mission.
With a joint vision to make open source security more accessible to developers through code, Simon is going to be the OWASP ZAP as Distinguished Engineer, and serve as the open source maintainer in residence at Jit.
David Melamed, CTO & Co-Founder at Jit, has been an excited and avid user of ZAP, basically since it was first introduced. With ZAP being one of the critical tools all developers should know about and use when starting to build a new project, Jit seemed like the right home to support its continued maintenance and roadmap.
In fact, Jit’s take is that it’s so important to the industry and to the Jit vision in particular, that simply sponsoring the project didn’t seem sufficient (when a recent post started circulating requesting financial support from the community to continue its maintenance). It was clear to David and the rest of the co-founders that Jit needed to do more by fully supporting Simon’s work on ZAP, day in and day out. And that’s why we’re not only honored to support Simon’s work, but also to support the open source ZAP community as it works to improve and enhance product security through ZAP, and remains the go-to tool it is today.
This excellent DAST tool makes it possible to provide developers with contextually relevant and just-in-time access to the knowledge and tools they need to secure the apps they build across the entire application stack, and all this without bogging down development processes…which is often what security has become synonymous with. That is why Jit has been leveraging and orchestrating many best-in-class open source tools like ZAP to do that, while supporting their work as well (including Gitleaks, another well-known and popular OSS security tool).
Simon’s journey with ZAP has been nothing short of inspiring. He created ZAP 12 years ago when he couldn’t help but feel really strongly that an open source web vulnerability scanner serves a critical purpose in the world, and someone needed to do the work to make it happen––so he did that for all of us. And boy was he right, OWASP ZAP has become one of the most popular open source security tools adopted today.
We at Jit discovered…just in time (the Jit way), that Simon was exploring his next career step, and while he had the opportunity to consider working with many companies with proprietary security products, but, as you can imagine…his heart belongs to open source.
Fortunately the stars aligned for all of us, and Simon found in Jit a (brilliant…his words not ours) team, who are as deeply committed to open source as he is, while empowering developers to build secure applications––a mutual vision for both Simon and Jit. The awesome part is that the Jit platform complements ZAP in many ways, allowing developers to programatically leverage ZAP across applications in a streamlined manner as part of their DevOps workflow, and specifically as part of their CD (continuous deployment) stage.
This makes continued work on ZAP possible, the project we all love, along with the community and to have Simon lead and support like-minded developers and engineers at Jit that will help contribute to continuing to make ZAP great for all of us…while still making sure to have fun, even while building security products (sometime perceived as the party pooper of tech), that the world so desperately needs.
Why is this a game changer for all of us?
Product security is taking center stage, as attack methods become more sophisticated, and exploiting data becomes ever more valuable. Most engineering organizations understand the importance of embedding security as early as possible in their development processes across the DevOps workflow. However, security, like all engineering domains, is a discipline that requires many years of experience and expertise. That is why, to date, it has been largely siloed and external to engineering organizations and workflows.
With the DevSecOps manifesto, and shift left movement this is evolving - many thanks to best of breed tools like ZAP and thought leaders like Simon Bennetts, who have paved the way to making security a first-class citizen in the engineering domain.
Jit’s vision is to take this even further, and make security so seamless, and as code––as has been done with many other engineering disciplines from DevOps, to Quality & Testing, CI/CD and more––that all high velocity engineering teams will find it ridiculously simple to add Continuous Security (CS) to their CI/CD practice. With high velocity engineering teams deploying multiple times on a daily basis, they have to have Security-as-Code (SaC) as part of their ‘everything-as-code mentality, and not be bogged down with constantly installing, configuring and maintaining multiple security tools across their CI, CD and Runtime environments .
We welcome Simon to our team to join us on this adventure, and know that he is going to be a driving force in delivering on the promise of democratizing DevSecOps! His expertise will help us sustain and shape the open source security world by building a platform that makes OSS security tooling native to developer workflows––and eventually the ultimate goal––more accessible to all security engineers, DevSecOps and product security engineers.