[Owasp-board] (on the money front) Fwd: 28,000 USD available for work selected OWASP Projects (July 2007 Batch)

Jeff Williams jeff.williams at owasp.org
Fri Jul 13 02:00:21 UTC 2007


Sounds good to me.

--Jeff

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Monday, July 02, 2007 1:05 PM
To: OWASP Board
Subject: [Owasp-board] (on the money front) Fwd: 28,000 USD available for
work selected OWASP Projects (July 2007 Batch)

Quick question: for the projects for which we haven't received the money, should
we

 - a) ask for it now, or
 - b) wait for the appearance of realistic candidates?

I think we might want to do b) in the short term and a) once this
development/sponsorship model is 100% operational.

Dinis 

---------- Forwarded message ----------
From: Dinis Cruz <dinis at ddplus.net>
Date: Jul 2, 2007 6:01 PM 
Subject: 28,000 USD available for work selected OWASP Projects (July 2007
Batch)
To: owasp-all at lists.owasp.org

Hello OWASP,

Now with the SpoC 007 (Spring of Code 2007) under way, I would like to ask for
proposals for OWASP projects to which we have funds (28,000 USD) specifically
allocated.

Here are the projects' titles and you can find more details at the end of
this email and on this page:
http://www.owasp.org/index.php/Funds_available_for_OWASP_Projects 

* OSG - OWASP Site Generator - Join Boris in his development of the
  new version of .NET's OSG (funds from SPI Dynamics and Cenzic membership
  fees)
* OWASP Corporate Application Security Rating Guide - Create and
  release the first version of this very important document (funds from
  Cenzic membership fees)
* Questions for SANS - Write 200 questions for SANS with a % of those
  questions made open to the OWASP community (funds directly allocated by SANS
  for this project)
* Source Code Review OWASP Projects - Implement a workflow where all
  OWASP projects that use JAVA technology are automatically audited for
  security flaws (funds directly allocated by Fortify Software for this
  project)
* BlackTop project - Develop a runtime code analysis tool to be used
  by Penetration Testers during client engagements (funds directly allocated
  by Ounce Labs for this project).

If you are interested, email your proposal including responses to the
following items:

*	Your educational and professional background 
*	Application security experience and accomplishments 
*	Participation and leadership in open communities 
*	The opportunity, challenges, issues or need your proposal addresses 
*	Milestones and objectives 
*	Specific activities and who will carry out these activities 
*	Specific deliverables and a rough project schedule so we can track
progress 
*	Long-term vision for the project 
*	Any other reasons why you and your project should be selected

The proposed project delivery time is 3 months and the payment will be made
in two 50% parts (one at the 50% mark and one at the 100% mark, i.e. project
completed).

I will also put the applicants in touch with the contacts at the sponsoring
companies so that the brief and project deliverables can be finalized.

The deadline for project submissions is July 15th.

Looking forward to your proposals,

Best regards,

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org

OSG - OWASP Site Generator (5k)

* Project description: Continue development of Site Generator
  (http://www.owasp.org/index.php/OWASP_SiteGenerator), write new
  vulnerabilities, work on new dynamic engine, document findings
* Funds available: 5,000 USD
* Sponsor: SPI Dynamics, Cenzic

OWASP Corporate Application Security Rating Guide (3k)

* Project description: As per
  https://www.owasp.org/index.php/OWASP_Corporate_Application_Security_Rating_Guide,
  finalize criteria, research selected companies and publish a report
  with the results
* Funds available: 3,000 USD
* Sponsor: Cenzic

Questions for SANS (5k)

* Project description: Write JAVA/JSP questions for SANS's Software
  Security Institute certification exams (http://www.sans-ssi.org/). The
  candidate will need to write 200 questions and answers and must be a
  knowledgeable and respected member of the Java community. For obvious
  reasons only 10% to 20% of the questions created will be disclosed to the
  OWASP community, with the remainder to be used in the certification's
  exams.
* Note that although this first request is for questions in JAVA/JSP
  there are plans to run a similar project for C, C++, PHP, .NET, so if you
  are interested in these other languages feel free to contact us.
* Funds available: 5,000 USD
* Sponsor: SANS

Source Code Review OWASP Projects (5k)

* Project description: Use Fortify Software's source code scanning
  engine (http://opensource.fortifysoftware.com/) to scan open source
  projects coded in JAVA. The objectives of this project will be:
  * Develop and document a workflow for open source projects to
    incorporate static analysis into the Software Development Life Cycle
    (SDLC).
  * Apply the above workflow as a required step for OWASP projects.
  * Aid in auditing select open source projects to create a baseline for
    comparing security amongst open source projects.
* Funds available: 5,000 USD
* Sponsor: Fortify Software

BlackTop - Runtime coverage analysis tool (10k)

* Project description: Develop and document a "blackbox" pen testing
  code analysis solution capable of providing runtime coverage analysis for
  applications written in Java and .NET. In order to ensure the solution does
  not require access to the applications' source code, the solution should use
  (for example) the AspectJ and PostSharp bytecode weaving frameworks.
* The project must produce an open source, release quality application,
  including a GUI and documentation. The project should utilize a license;
  either the Eclipse Public License or the Mozilla Public License is
  allowable.
* The tool should provide code level details and call trace information
  of all ingress and egress points of the application and be able to
  identify gaps in the "blackbox" testing to facilitate more accurate and
  complete pen testing. All output and configuration should be done using an
  open format (such as XML) and enable command line execution of the
  application.
* Funds available: 10,000 USD
* Sponsor: Ounce Labs
