[Owasp-board] Fwd: OWASP SoC

dinis cruz dinis.cruz at owasp.org
Thu Mar 6 10:53:05 UTC 2008

Hi Andre & Bernardo (Tom forwarded us an email exchange with Andre (see

I (with Paulo Coimbra) was responsible for the last Season of Code OWASP
sponsorship initiative (SpoC 07, see
http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007) where Bernardo
Damele was sponsored with 2,500 USD to continue the development of SqlMap
http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_:_Selection and
http://www.owasp.org/index.php/SpoC_007_-_SqlMap and

As with the previous sponsorship program (Autumn of Code 2006) we gave
preference to existing OWASP projects, for projects that wanted (or seem to
be interested) in becoming OWASP projects and projects of interest to
OWASP's community.

SqlMap is a variation of this since it's main page is hosted outside
OWASP.org (http://sqlmap.sourceforge.net/) and I can't remember who added
that link to the main OWASP project's page (it might have even been me,
since the expectation with SpoC 07 was that the non-OWASP-originated
project's sponsored would become OWASP projects).

Ultimately that is Bernardo's decision and he needs to  chose (or not) to
join OWASP project's family (would take 30s to remove that link from that
page). For reference we are making substantial changes to our definition of
and 'OWASP Project' and the criteria we use to classify and rate projects
(see http://www.owasp.org/index.php/Category:OWASP_Project_Assessment). The
objective of these changes is to help project leaders understand the areas
where their project needs some focus, and to increase the visibility and
usage of those tools (so now is a perfect time for Bernardo to make a
decision on this).

Regarding w3af participation in SoC 08 (which has just started (see
http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008 , first application
already submitted:
http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications)) like
you said it could be a good way to start. All I would say is that the
selection criteria is designed to give some priority to current (or soon to
be) OWASP projects (
Not to say that it is mandatory for sponsorship that connection, but it will
help :)

Let me know if you have further questions or need any help (for SpoC issues
Paulo Coimbra should be your first point of contact (CCing me))

Best regards

Dinis Cruz
Chief OWASP Evangelist

On Thu, Mar 6, 2008 at 3:07 AM, Tom Brennan <tomb at owasp.org> wrote:

> http://w3af.sourceforge.net Web Application Attack and Audit Framework
> -Brennan
> ---------- Forwarded message ----------
> From: Andres Riancho <andres.riancho at gmail.com>
> Date: Wed, Mar 5, 2008 at 11:37 AM
> Subject: OWASP SoC
> To: tomb at owasp.org
> Tom,
>    Hi man! how are you? I have been thinking about the proposal you
> made to me some time ago about w3af being an OWASP project; and I
> thought that a good way of getting to know "us" (I mean w3af and
> OWASP) is to start with something simple like the SoC. I think that
> the participation of w3af in SoC would be a step forward in the
> direction of working together.
> On a related subject; I have been talking with Bernardo Damele,
> who says that after the last SoC his project is listed as a OWASP
> project [0] . What is this all about ?  Will the same happen to w3af
> ?!
> [0] http://www.owasp.org/index.php/Category:OWASP_Project
> Cheers,
> --
> Andres Riancho
> http://w3af.sourceforge.net/
> Web Application Attack and Audit Framework
> --
> Its coming.... are you ready?
> https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080306/279bb9fa/attachment-0002.html>

More information about the Owasp-board mailing list