Should Google Develop an Open Source WAF


In 2006, a start-up by the name of Strangeloop Networks developed the Site Optimizer. It was one of the first products of its kind, and it became known as FEO (Front-End Optimization). Thereafter, two other FEO start-ups emerged, and AcceloWeb. In a few short years, all three were acquired. Akamai acquired, Limelight Networks purchased AcceloWeb, and Radware gobbled up Strangeloop Networks. Around the same time, Google developed its own version of FEO called PageSpeed. Cotendo and EdgeCast were early adapters of PageSpeed, deploying the product globally. In the beginning, PageSpeed was buggy like all software products at launch, but over time it become stable. Today, PageSpeed is much more than just FEO, its an ecosystem of tools, and best practices for optimizing website performance.

State of the Web Application Firewall

Fortunately, the three FEO start-ups sold at the perfect time, because Google PageSpeed is now the FEO standard. Why develop a proprietary technology when PageSpeed is available. The same thing must happen to the Web Application Firewall (WAF) market. In the sector, there two WAF options available, Trustwave and the manufacturer-based WAF. The majority of CDNs use ModSecurity, and enterprises partner with the likes F5 Networks, Imperva, Barracuda Networks, Radware, and so on. ModSecurity is a solid choice for globally distributed cloud environments. Manufacturer-based WAFs are ideal for corporate environments. Most have their plus and minuses, but the bottom line is they all represent different proprietary platforms. Nothing is wrong with that approach, but what if Google developed an Open Source WAF for the global community, where rules sets are free? If Google decides to develop a WAF, bringing all disparate platforms under one roof, in due time the security sector will follow. 

Google’s Web Application Firewall

Google is synonymous with the Internet, just like Oracle is with the relational database, Amazon with Cloud, Intel with CPU’s, and Apple with the mobile phone. Google, as the Good Steward of the Internet, must chip in and bear some of the responsibility of protecting websites. It has the resources, and manpower to create a feature rich WAF that surpasses any present day WAF. With a net income of $14.4B in 2014, plus $63.8B (Current Assets – Current Liabilities) in the bank, its stand to reason that Google should take on the WAF challenge. Once it does, the open source community will follow, then enterprises, and it will be a PageSpeed part 2. In light of all the breaches taking place weekly, protecting web sites is much bigger than any one company or group of companies can handle alone. The industry is in dire need of a Google, that has the potential to make a big difference in the world. Thereafter, companies like F5 Networks, Trustwave, Radware, IBM, Microsoft, and others can work as a team to make the Internet community a safer place.

Scroll to Top