[Owasp-board] Spoc 007 results, final data set. If all is OK will announce this tomorrow to the participants

Dinis Cruz dinis at ddplus.net
Sat Apr 28 00:21:21 UTC 2007


Hi Andrew

(Comments Inline)

On 4/27/07, Andrew van der Stock <vanderaj at owasp.org> wrote:
>
>  Here are my ratings. I don't think it changes our funding positions.
> However, I was thinking that all *like* projects are bundled together.
>
> E.g.
>
>
>    - Mateo and Mark's project should be combined as they will have
>    overlapping concerns.
>    - Przemyslaw 'rezos' Skowron and NSRAV should be combined. They are
>    doing pretty much the same thing.
>
>
I agree that these projects need to work together, and I would add as a
caveat on project sponsorship acceptance that the relevant SpoC participant
commits itself to collaborate with the relevant project.

> I don't mind the original funding allocation being disbursed, but I think
> having four projects when two will do will help us monitor the projects more
> carefully,
>

I think the number of projects is already too big for this to make a
difference, and at this stage I think that we need the participants to be
proactive and sort things out for themselves. If there is synergy between
them the collaboration will work, if there isn't synergy it will not work.

That said, I will want to spend a bit of time in working with these
'overlapping' projects so that we have the best possible outcome (I also
like the fact that we are empowering each participant and not making him
greatly dependent on another project/participant)

> and give those projects a greater chance of success with more resources.
>

I think that having two separate sponsorships with a mandate to work
together where possible, is what creates that 'greater chance of success'

> What FOSS projects are we allocating to? My wishlist would include:
>

This will be voted by OWASP members (and you will need 10 entries :)  )

Dinis

> PHP – we may have an "in" with Zend on this one as well!
> XAMPP (a PHP developer distro which is extraordinarily weak at security)
> Apache Foundation – I can't think of a more deserving donation (Tomcat,
> Apache, too many to list etc)
>
> What are yours?
>
> Thanks,
> Andrew
>
> On 4/26/07 7:33 PM, "Dinis Cruz" <dinis at ddplus.net> wrote:
>
> Ok guys, using the data set from mine and Jeff's ratings, here is the final
> Spoc sponsorship allocations:
>
> Proposal ID | Project | OWASP Sponsorship
> Mark Curphey | The OWASP Web Security Certification Framework | 20000
> ---- | 10x 1000USD to FOSS projects we all use | 10000
> Mateo | OWASP Certification Project | 5000
> Eoin Keary | Code review Project | 5000
> Boris | OWASP Site Generator | 5000
> EdFinkler | A comprehensive input retrieval/filtering system for PHP | 5000
> NSRAV Security Research Group | Attacks Reference Guide | 5000
> Arshan Dabirsiaghi | OWASP The Anti-Samy Project | 5000
> Sebastien Deleersnyder | OWASP Education Project | 5000
> Eric Sheridan and Dr. Goran Trajkovski | The Scholastic Application Security Assessment Project | 5000
> Caseydk | Security throughout the SDLC | 3000
> Bunyamin Demir | OWASP WeBekci Project | 2500
> Erwin Geirnaert | OWASP Java Project | 2500
> Boris | OWASP Tiger | 2500
> Joshua Perrymon | OWASP LiveCD Project | 2500
> Erwin Geirnaert | OWASP WebGoat Solutions Guide | 2500
> Denis | Python Tainted Mode | 2500
> Jim | Best Practices & Countermeasures | 2500
> Josh Sweeney | OWASP LiveCD Education Project | 2500
> Heiko | Web Application Security put into practice | 2500
> Przemyslaw 'rezos' Skowron | Refresh Attacks list | 2500
> Boris | OWASP Report Generator | 2500
> Darren Edmonds | WebScarab NG Security Test Automation | 2500
> Subere | OWASP JBroFuzz Project | 2500
> Paulo Coimbra | OWASP brand | 2500
> Paolo Perego | Owasp Orizon Project | 2500
> Bernardo | sqlmap | 2500
> Buanzo | Enigform: Firefox Addon for OpenPGP signing of HTTP requests | 2500
> (TBD) | Help with SpoC project management | 2500
>
> Total | | 118000
> which means that all proposals submitted were accepted (an amazing success
> story) and according to my numbers (please double check them) we are only 2k
> over our initial 91K investment, and still have 20k to allocate:
>
>
>
>
> Total Investment: 118000
>
> Payer | Project | Initial budget | Allocated | Still Available
> OWASP | Any | 91000 | 91000 | 0
> EDS | | 9000 | 9000 | 0
> SPI | SiteGen | 9000 | 3000 | 6000
> Cenzic | SiteGen | 3000 | 2000 | 1000
> | Metr | 3000 | 0 | 3000
> | SDL | 3000 | 3000 | 0
> Vigilar | Certification | 8000 | 8000 | 0
> SANS | Questions | 5000 | | 5000
> Fortify | Source code | 5000 | 0 | 5000
> Totals | | 136000 | 116000 | 20000
>
> Total Allocated – Total investment = -2,000
>
>
> If none of you complain, I will email the participants and the
> owasp-leaders this information tomorrow, and start working on the
> press-release and final operational details.
>
> Very excited about what is going to be created by this initiative
>
> Dinis
>


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org