Hi everyone,<p>first things first, I would like to apologize for my bad English.<p>I just tell a short story of what we've done, but you can skip this and scroll down directly to my questions.<p>After three to four years continuous developing an enterprise vulnerability scan solution I have to admit “I am done with it”. Now I'm thinking to make this solution at least somehow useful, by making it open source.<p>My previous startup was focusing on detecting web vulnerabilities with an own written scanner.<p>The main purpose why I have formed this startup and developed this scanner was bit a too big ego which wanted to compete with some big player solutions ( in this case IBM and HP), despite the fact they just bought companies who build those scanners instead of developing them ;).<p>Unfortunately or luckily? I have managed to establish an OEM-partnership with a well known Web Application Firewall Vendor. They used a new, polished and rebranded version of my scanner now to gain attention in the enterprise market. Especially as most of the enterprise are more interested in security scanner at all than in application firewall solutions. They also had some success selling the scanner to Telcos, Gov’s and large retailers. But at the end, far to less to keep the business and support running.<p>Now I have seen this issue early enough and started to sell the solution as an online scanning service similar to that what you already know from McAfee Secure, GoDaddy or Comodo.<p>I can't tell how often we have switched layouts and the pricing. We tried everything . Developed online wizards and offline configuration clients, recorded demo videos and so much more but it just seemed that an web application scanner is far too specific for regular users.<p>We had about 800 registrations and some few sales, but still not enough to keep a business like that running so at this point I started to give up.<p>I realized selling an enterprise solution to enterprises is very hard but selling it to regular users is almost impossible.<p>We also had some attempts to sell the company or the source code to great US enterprise security companies and all of them were really excited about the scanning results in comparison to other scanning solutions. But due my chosen program language it became impossible to sell it<p>I have to say, we've been always a small startup, we were 2 founders and we had some halftime trainees, which just graduated from school. So by all the time I was always the only fulltime developer and did 90 % of the work.<p>So here I am hating the code and the time spent for a company, a company that didn't brought me forward and stole me years of hard work (15-18 hours every day).<p>I remembered talking with a friend about why companies don't make stuff open source if they close, after he only found dead links to a mac application, that's the reason why I'm now thinking of making this open source.<p>I thought if I can't or don't want to sell the scanner anymore, why shouldn't I help other people by making this open source and at least earn some appreciation.<p>The scanner itself is very accurate, at some point it was almost able to compete with the big players on other even better or worse.<p>Now some information's which you possible dislike.<p>The scanner has a 3 tier model, is written in C#, it uses a MsSQL database and for the frontend a PHP solution.<p>Just some other facts before some people reply with C# hate responses, the top leading enterprise scanners WebInspect and AppScan are both written in C# (AppScan is partial C# and C++).<p>I'm sorry for the long story.<p>Before I can make my source code public I need to find some answers, where some people may could help me with.<p>Because I've been always the only developer, always under time pressure with deadlines and some laziness, I've done some bad things: I wrote code which was partial very, very bad written. A documentation don't even existent (only in my memory).<p>So my questions are:<p>Do people even want an open source project which is partial bad written and not documented ?<p>Over time I gained more coding skills, but that code didn't take much advantage of it. Should I make code public which could put my coding skills in a bad light ?<p>How could companies react if they bought something that become open source, can they sue me for that ?<p>If the code is changed at some points, it could break some patents, am I responsible for the code ?<p>What license (gpl3?) would be the best if I still want to earn some bucks if a company decides to sell or make money with code and where can I publish the code with that license?