[Owasp-board] (for review, email to google) Re: Google Summer of Code Submission!

Dave Wichers dave.wichers at owasp.org
Wed Mar 12 21:19:24 UTC 2008

This is awesome. Very thorough. I made a few minor edits to the message
below. Dinis, if you can send this tonight, that would be great. If we don't
see that you've submitted it in the next few hours, I'll submit it for you
and cc everyone.


Thanks, Dave


From: dinis cruz [mailto:dinis.cruz at owasp.org] 
Sent: Wednesday, March 12, 2008 1:53 PM
To: Alison McNamee
Cc: Dave Wichers; OWASP Board; Paulo Coimbra
Subject: (for review, email to google) Re: [Owasp-board] Google Summer of
Code Submission!


ok guys,  here is the email that we propose to send to Leslie and Chris
(quick note, today's deadline is to become a hosting organization, not
sponsorship applications)

Leslie Hawthorn,  lhospo at gmail.com (Program Manager - Open Source, Google
Chris DiBona, cdibona at gmail.com (Open Source Programs Manager, Google)

Any other contacts we should send this to? 


Hello Chris and Leslie (got your details from

I'm Dinis Cruz and I am representing the OWASP (Open Web Application
Security Project) who I hope you have come across before (I think me and
Chris swapped same emails a couple years ago).

OWASP is focused on Web Application Security and you can see more details
about us on our website http://www.owasp.org
(http://www.owasp.org/index.php/About_OWASP). OWASP manages  numerous Open
Source projects (http://www.owasp.org/index.php/Category:OWASP_Project) and
is represented through the world via our chapters
(http://www.owasp.org/index.php/Category:OWASP_Chapter) and regular
(http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference). We also
recently started publishing (as books) the best documents created by the
OWASP documentation projects: http://stores.lulu.com/owasp

Although OWASP is a non-for-profit organization, we use the revenue
generated by our conferences and our member's fees
(http://www.owasp.org/index.php/Membership#Current_OWASP_Members) to support
Open Source and OWASP projects with a sponsorship similar to your Google
Summer of Code.

In the last two years we have successfully managed two OWASP Seasons of

*	OWASP Spring of Code
<http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007>  2007 -
http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007 (SpoC 07), in which
21 projects were sponsored with a budget of US$117,500, 

*	see
http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_:_Selection for a
project list & 'sponsorship value'  and
http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_-_Projects for the
final deliverables

*	OWASP Autumn of Code
<http://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006>  2006 -
http://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006 (AoC 06), in which
9 projects were sponsored with a budget of US$20,000.

Earlier this month, we launched our 3rd sponsorship initiative called the
OWASP Summer of Code 2008:

Final comment on this OWASP introduction. Using help obtained via Google
employees we met at past OWASP conferences, we have started to move some of
OWASP's infrastructure to Google's web based services (owasp.org email for
example is now hosted at mail.google.com/a/owasp.org and some OWASP's
projects are now using Google Code). In fact, our last US conference was
originally supposed to be hosted at Google's HQ, but it was logistically not
possible, so we ended up at Ebay's.

So, here are the questions that I would like to ask you:

*	Given that OWASP already has a fully mature sponsorship program,
would it be possible to (for the most suitable proposals) to use a Google's
Summer of Code sponsorship for the same project sponsored by the OWASP
Summer of Code 2008? (we usually give sponsorships between $2,500 and
*	Although we put no limitations to the type of application that can
be submitted, for the current initiative we are being more specific and are
encouraging projects that fit areas we feel need to be addressed (see
http://www.owasp.org/index.php/OWASP_Request_for_Proposal_List for a list of
those projects/areas). Clearly some of these are major activities which
require as much resources as possible working on them. Hence, it would be
very beneficial if we could co-sponsor the successful applications.
*	We try to be as transparent as possible with our selection criteria
Criteria). So as part of the applications' requirements we have mandated the
public posting of all applications (see here for the first proposals for the
current initiative
http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications , here
for the final list of the previous one
http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications) .
After selection (by the OWASP board), all selection data will be published
here: http://www.owasp.org/index.php/OWASP_Summer_0f_Code_2008_:_Selection 

*	so if we are to work together, do you want to also receive, rate and
select the projects to sponsor, or do you want to re-use the choices made by

*	Can you advise us what is the best route forward? 

*	Should OWASP apply as an organization?
*	Should OWASP help our applicants with a similar submission to the
Google Summer of Code?

*	Another interesting area in which we could work together would be
the  sponsorship of a couple projects  focused on the security of Google's
Summer of Code projects. Part of OWASP's efforts is to educate the developer
community on secure coding best practices (see for example
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project and
http://www.owasp.org/index.php/Category:OWASP_Testing_Project) and since the
participants of the Google Summer of Code are the next generation of
developers, there are lots of  synergies that could be leveraged from
OWASP/Google projects.
*	Finally, due to OWASP's enormous growth over the last year, our
current digital infrastructure needs to be reviewed, and given Google's move
into providing such services (from web hosting, to email, to mailing lists,
to document management, etc...) we would also like to talk to Google about
the type of commercial services that Google can provide to OWASP.

Thanks for your time, and please don't hesitate to contact us if you need
further details or clarifications.

Best regards

Dinis Cruz
Chief OWASP Evangelist

On Wed, Mar 12, 2008 at 2:34 PM, Alison McNamee <alison.mcnamee at owasp.org>



Let me know any help that you need with this.  I will be available by
email/gtalk/phone all day..so anything you need me to do to get this out the
door today, just let me know.




Alison McNamee

OWASP Operations Director

9175 Guilford Road

Suite 300

Columbia, MD 21046

301-575-0197 (phone)

301-604-8033 (fax)






From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dave Wichers
Sent: Wednesday, March 12, 2008 8:53 AM
To: 'OWASP Board'
Subject: [Owasp-board] Google Summer of Code Submission!
Importance: High


This is due today right!!??


Dinis, have you worked on this with Google? Can you / Paulo make sure we
submit the proper proposal today, with help from Alison? Jeff and I can
review your submission before it goes in but we really can't work on it
today as we are both teaching all day.


Alison - can you try to ping/find Dinis/Paulo right away on this to
determine status/help out??



Owasp-board mailing list
Owasp-board at lists.owasp.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080312/25662e55/attachment-0002.html>

More information about the Owasp-board mailing list