The OWASP ModSecurity Core Rule Set project is very happy to announce Microsoft as new GOLD sponsor. There have been sporadic contacts with the Azure WAF engineering team for several years and we are now taking the next step. Microsoft and OWASP CRS are establishing a formalized partnership in the form of a sponsoring agreement.
There is never a lack of ideas in a florishing open source project like ours. But as a lot of open source projects, we lack the user perspective to a wide extent. We write rules, but we do not really know how they behave in the real world outside of the few sites we control at our day jobs.
This makes the contact with cloud providers and content delivery networks so important for us: They see the real traffic, they see their users struggling and they face security incidents long before they hit us.
And this forms the base for a very fruitful exchange on eye level. We can discuss our plans with qualified engineers and Microsoft gets a 2nd opinion on problems they are facing.
Microsoft is a very good example of a large integrator who has a strong focus on the WAF functionality. Azure's use of OWASP CRS is very good. This is especially the case when compared with the competition. We are also impressed by the commitment to improve the application security posture with OWASP CRS as a first line of defense. We hope we can continue to contribute to this setup with our next release CRS v4.
Link to the Microsoft Azure announcement of this partnership.