How Should We Fund ZAP Development?

Background

ZAP is a relatively large OSS security project that is used by hundreds of thousands of companies and individuals worldwide.

It is used as the basis of many commercial services - the ones we know about are detailed on the Third Party Products and Service page.

It is also maintained by a relatively small Core Team, most of whom work on it in their own time.

You may be aware that an Open Letter addressed to the OWASP Board was published recently - this was signed by all of the ZAP Core Team.

We believe that ZAP (and other key OWASP projects) need to be better funded in order to provide the capabilities which you, our users, need.

We are competing (often very effectively) with companies that have 10s or even 100s of people working on their products. Imagine what we could achieve if a few more people were able to work on ZAP full time?

Current Funding

We have a page on the website which lists the ZAP supporters.

It is worth noting that only one company is currently providing significant ongoing funding of ZAP - and that is Jit, which sponsors my work on ZAP - a big shout out to them!

We have been able to obtain sponsorship for specific developments which have been used to pay one of the other core team members, but the rest of the work on ZAP is unpaid.

Future Funding?

We are working with a set of OWASP leaders in order to find a way of improving funding for OWASP projects.

But we would also like to hear from you, the ZAP community, about what options you think we should consider.

  • Would your company sponsor ZAP directly?
  • Or pay for a commercial support contract?
  • What other options do you think we should investigate?

Also, if you use one of the many companies that sell commercial services based on ZAP, please ask them why they are not providing ongoing funding for us! 😁

You can contact the core team via email.

Or join the discussion on the ZAP User Group.