librelist archives

Future of Brakeman

2015-02-24 @ 20:08
Hi Everyone,

In the coming months you will likely start hearing about a "Brakeman 
Pro" product. This is a new project I am heading up and, as the name 
suggests, it is a commercial version of Brakeman.

There is always some concern when Open Source projects spin off into 
commercial products. I want to assure you that I am a strong believer in 
Open Source - I know Brakeman could not have been successful any other 
way. I will continue to improve and support the Open Source Brakeman 
(OSB) project just as I have for the last 4.5 years. If anything, it 
will get more attention. Changes (and bug fixes) prompted by the Pro 
version have already been making their way back to OSB.

Brakeman is not owned nor controlled by a corporate entity. Technically 
the copyright is held by myself, my current/past employers, and everyone 
who has ever contributed source code to the project. Nothing will change 
about this.

OSB will not become simply the "free" or "lite" version of the Brakeman 
Pro product. In my mind they are very different. OSB is simple, fast, 
and produces high quality results while avoiding false positives as much 
as possible. It is built for developers and security professionals to 
quickly assess the security of Rails applications. It should also be easy 
to add into your software development life cycle - especially as part of 
continuous integration.

On the other hand, Brakeman Pro is intended to provide deeper, broader 
analysis - which ends up being *much* slower and provides a lot more 
information to sift through. Since this is at odds with the goals of 
OSB, I believe there is a clear separation between the two projects and 
it would be difficult to provide all of the features I want to see in a 
single project. We are also working hard to build a streamlined 
interface for investigating and validating the findings and additional 
information that is being surfaced.

If you are interested in Brakeman Pro, please feel free to visit and drop in your email. We will be inviting 
testers to our closed beta soon. If you aren't interested - no worries! 
Everything will continue as normal.

This will be the only email I send to this list regarding Brakeman Pro. 
You are welcome to follow @BrakemanPro on Twitter for updates or email 
me directly.

TL;DR - Nothing is changing with the Brakeman you know and love.