StackHawk, the Denver-based bug-detecting service, hires developer of open-source project Zed Attack Proxy

StackHawk, the Denver-based software startup offering service to detect and fix security bugs, is doubling down on its support for the popular open-source OWASP Zed Attack Proxy web app security scanner by bringing on board its founder, Simon Bennetts.

At StackHawk, Bennetts will continue to focus on the development of the open-source project, which the company said is among the world’s most frequently used security scanning tools.

StackHawk already uses the open-source project for its underlying scanning technology and has built a business by layering on security test automation, integrations with development tools and functionality for new development paradigms. 

“Since founding ZAP, the vision has always been to deliver application security to developers,” Bennetts said, in a statement. “While the project has been widely adopted by security teams and pen testers, I’m excited to work with a team dedicated to delivering our original vision of AppSec for devs and that also believes in growing the open source community.” 

StackHawk founders Joni Klippert, Scott Gerlach and Ryan Severns and Bennetts found common cause in their belief that bug-editing tools are too often built for external enterprise security teams instead of the developers who are closest to the apps they’re building.

“Simon’s work on the ZAP project has both changed the security and open-source worlds for the better. It became clear that we were highly aligned in our mission to bring application security into the hands of developers,” said Klippert, the chief executive and founder of StackHawk, in a statement. “Simon joining the StackHawk team provides an exciting opportunity to invest more in the ZAP open source project, while also building capabilities that make it easy for enterprise development teams to streamline AppSec into their CI/CD pipelines.” 

In the eleven years since Bennetts first began working on ZAP, the OWASP Foundation-incorporated security scanner has become popular among the developer community for its dynamic application security testing.

After the hire, StackHawk said that nothing much will change. Bennetts will continue to work on the open-source project while the company will continue to build functionality around the scanner.

The Denver-based company has raised nearly $5 million in financing from investors including Flybridge, Costanoa Ventures, Matchstick Ventures and Foundry Group.