[Owasp-board] Spoc 007 results, final data set. If all is OK will announce this tomorrow to the participants

Andrew van der Stock vanderaj at owasp.org
Fri Apr 27 20:38:00 UTC 2007


Dinis,

Dave and I have some concerns about mentoring so many projects. Although it
would be great to have that many projects, we simply don't have that many
resources to monitor so many projects. I had difficulty finding the time to
do a simple 1 hr task due to life and work, let alone the regular mentoring
7 or 8 projects each would entail for three months. In addition, I'm not
sure we should send the message that sending in a quick e-mail gets funding
from us. There were a few questionable submissions, and I'd like for us to
discuss these before we fund every project. Let's go through the list, and
decide on the really worthy projects.

The certification project is huge (and thus why we're paying $20k out).
However, Mark Curphey is starting up his own business from scratch,
architecting and writing a big tool to do ISM management with two others,
writing a prolific blog, and building new content for his ISM community
portal. He's probably doing 18 hour days right now. I simply don't see how
he is going to have time in his busy schedule to do what he claims he wants
to do for this project. Can we talk to Mark about him taking a small portion
of the overall funds in return for him *leading* and *mentoring* the
project, and assigning him the other person + 1 intern of his choosing to
get it done with the remainder of the money? That way we reduce the risk of
this project not completing whilst still spending the same amount. We need
that project, so failure is a risky proposition. Let's try to reduce the
risk by assigning more folks to it, particularly folks with more time than
Mark, whilst letting Mark run it and keep the quality and experience up.

Lastly, I think you've over-counted some money in our overall budget. OWASP
has paid for an intern ($10k) which we had planned to come out of the SpoC
funds, and therefore our overall budget has a $10k hole in it. We will need
to trim by at least this amount, and preferably by a bit more to take into
account quality control and lack of mentoring resources.

Thanks,
Andrew


On 4/27/07 1:37 PM, "Andrew van der Stock" <vanderaj at owasp.org> wrote:

> Here are my ratings. I don't think it changes our funding positions. However,
> I was thinking that all like projects are bundled together.
> 
> E.g. 
> 
> * Mateo and Mark's project should be combined as they will have overlapping
> concerns. 
> * Przemyslaw 'rezos' Skowron and NSRAV should be combined. They are doing
> pretty much the same thing.
> 
> I don't mind the original funding allocation being disbursed, but I think
> having four projects when two will do will help us monitor the projects more
> carefully, and give those projects a greater chance of success with more
> resources.
> 
> What FOSS projects are we allocating to? My wishlist would include:
> 
> PHP - we may have an "in" with Zend on this one as well!
> XAMPP (a PHP developer distro which is extraordinarily weak at security)
> Apache Foundation - I can't think of a more deserving donation (Tomcat,
> Apache, too many to list etc)
> 
> What are yours?
> 
> Thanks,
> Andrew
> 
> On 4/26/07 7:33 PM, "Dinis Cruz" <dinis at ddplus.net> wrote:
> 
>> Ok guys, using the data set from mine and Jeff's ratings, here is the final
>> Spoc sponsorship allocations:
>> 
>> Proposal ID  Project  OWASP Sponsorship
>> Mark Curphey The OWASP Web Security Certification Framework 20000
>> ---- 10x 1000USD to FOSS projects we all use 10000
>> Mateo OWASP Certification Project 5000
>> Eoin Keary Code review Project 5000
>> Boris OWASP Site Generator 5000
>> EdFinkler A comprehensive input retrieval/filtering system for PHP 5000
>> NSRAV Security Research Group Attacks Reference Guide 5000
>> Arshan Dabirsiaghi OWASP The Anti-Samy Project 5000
>> Sebastien Deleersnyder OWASP Education Project 5000
>> Eric Sheridan and Dr. Goran Trajkovski The Scholastic Application Security Assessment Project 5000
>> Caseydk Security throughout the SDLC 3000
>> Bunyamin Demir OWASP WeBekci Project 2500
>> Erwin Geirnaert OWASP Java Project 2500
>> Boris OWASP Tiger 2500
>> Joshua Perrymon OWASP LiveCD Project 2500
>> Erwin Geirnaert OWASP WebGoat Solutions Guide 2500
>> Denis Python Tainted Mode 2500
>> Jim Best Practices & Countermeasures 2500
>> Josh Sweeney OWASP LiveCD Education Project 2500
>> Heiko Web Application Security put into practice 2500
>> Przemyslaw 'rezos' Skowron Refresh Attacks list 2500
>> Boris OWASP Report Generator 2500
>> Darren Edmonds WebScarab NG Security Test Automation 2500
>> Subere OWASP JBroFuzz Project 2500
>> Paulo Coimbra OWASP brand 2500
>> Paolo Perego Owasp Orizon Project 2500
>> Bernardo sqlmap 2500
>> Buanzo Enigform: Firefox Addon for OpenPGP signing of HTTP requests 2500
>> (TBD) Help with SpoC project management 2500
>>
>> Total 118000
>> which means that all proposals submitted were accepted (an amazing success
>> story) and according to my numbers (please double check them) we are only 2k
>> over our initial 91K investment, and still have 20k to allocate:
>>
>> Total Investment 118000
>>
>> Payer    Project        Initial budget  Allocated  Still Available
>> OWASP    Any                     91000      91000                0
>> EDS                               9000       9000                0
>> SPI      SiteGen                  9000       3000             6000
>> Cenzic   SiteGen                  3000       2000             1000
>>          Metr                     3000          0             3000
>>          SDL                      3000       3000                0
>> Vigilar  Certification            8000       8000                0
>> SANS     Questions                5000                        5000
>> Fortify  Source code              5000          0             5000
>> Totals                          136000     116000            20000
>>
>> Total Allocated - Total investment = -2,000
>>
>> If none of you complain, I will email the participants and the owasp-leaders
>> this information tomorrow, and start working on the press-release and final
>> operational details.
>> 
>> Very excited about what is going to be created by this initiative
>> 
>> Dinis
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> http://lists.owasp.org/mailman/listinfo/owasp-board