[Owasp-board] Google & OWASP Summer of Code 2008 - can we work together?

Sebastien Deleersnyder Sebastien.Deleersnyder at telindus.be
Thu Mar 13 15:14:30 UTC 2008


On http://code.google.com/opensource/gsoc/2008/faqs.html#0.1_when_apply
it states

<snip>
6. When can I apply for Google Summer of Code?
We'll begin accepting applications from open source mentoring
organizations on Monday, March 3, 2008; we'll stop accepting
organization applications on Wednesday, March 12th.

The student application period begins Monday, March 24, 2008, and ends
Monday, March 31st.

For full details, see the program timeline.
</snip>
No mention of time! But then the timeline:
http://code.google.com/opensource/gsoc/2008/faqs.html#0.1_timeline
does mention it!!

regards

Seba

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dave Wichers
Sent: 13 March 2008 16:08
To: 'dinis cruz'
Cc: 'OWASP Board'
Subject: Re: [Owasp-board] Google & OWASP Summer of Code 2008 - can we work together?

This is absurd. Alison looked and couldn't find any time limit on the
submission date, but even if there was one, this seems crazy.

What do we do now?

-Dave

-----Original Message-----
From: lhawthorn at google.com [mailto:lhawthorn at google.com] On Behalf Of Leslie Hawthorn
Sent: Wednesday, March 12, 2008 9:36 PM
To: dinis cruz
Cc: cdibona at gmail.com; OWASP Board; Jeff Williams; Dave Wichers; Paulo Coimbra
Subject: Re: Google & OWASP Summer of Code 2008 - can we work together?

Hi Dinis,

We are indeed the right people.  Unfortunately, the application
deadline for Google Summer of Code was today at 19:00 UTC.  Afraid we
can't help you.

Cheers,
LH

On Wed, Mar 12, 2008 at 6:14 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>  Hello Chris and Leslie (got your details from
> http://groups.google.com/groups/profile).
>
> As 'Program Manager - Open Source' (Leslie Hawthorn) and 'Open Source
> Programs Manager' (Chris DiBona) I believe you are the persons we (OWASP)
> need to talk to at Google.
>
> I'm Dinis Cruz and I am representing the OWASP (Open Web Application
> Security Project) who I hope you have come across before (I think me and
> Chris swapped some emails a couple years ago).
>
> OWASP is focused on Web Application Security and you can see more details
> about us on our website http://www.owasp.org
> (http://www.owasp.org/index.php/About_OWASP). OWASP manages numerous Open
> Source projects (http://www.owasp.org/index.php/Category:OWASP_Project) and
> is represented through the world via our chapters
> (http://www.owasp.org/index.php/Category:OWASP_Chapter) and regular
> conferences
> (http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference). We also
> recently started publishing (as books) the best documents created by the
> OWASP documentation projects: http://stores.lulu.com/owasp
>
> Although OWASP is a not-for-profit organization, we use the revenue
> generated by our conferences and our members' fees
> (http://www.owasp.org/index.php/Membership#Current_OWASP_Members) to support
> Open Source and OWASP projects with a sponsorship similar to your Google
> Summer of Code.
>
> In the last two years we have successfully managed two OWASP Seasons of
> Code:
>
> OWASP Spring of Code 2007 -
> http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007 (SpoC 07), in which
> 21 projects were sponsored with a budget of US$117,500, see
> http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_:_Selection for
> a project list & 'sponsorship value' and
> http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_-_Projects for the
> final deliverables
>
> OWASP Autumn of Code 2006 -
> http://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006 (AoC 06), in which
> 9 projects were sponsored with a budget of US$20,000.
>
> Earlier this month, we launched our 3rd sponsorship initiative called the
> OWASP Summer of Code 2008:
> http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>
> One note that I would like to make is the tremendous value-for-money that we
> (at OWASP) have with our sponsorship model. Since all information is open
> (from proposal to deliverables) and exposed for peer review, we are able to
> only 'pay for what is delivered' (this in practice means that 'below
> average' projects tend to be dropped by the sponsored candidates).
>
> A practice that worked very well was to accept a higher number of
> proposals, since we found that:
>
> there is a natural 10% to 20% cancellation rate (author could not deliver
> the proposed project), but
>
> some projects massively over-deliver. See for example the work done on the
> OWASP Testing Guide
> (http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Testing_Guide)
> and the OWASP Top 10 for Ruby on Rails (see book
> http://www.lulu.com/content/1412042 and project page
> http://www.owasp.org/index.php/SpoC_007_-_Web_Application_Security_put_into_practice)
>
> Final comment on this OWASP introduction. Using help obtained via Google
> employees we met at past OWASP conferences, we have started to move some of
> OWASP's infrastructure to Google's web based services (owasp.org email for
> example is now hosted at mail.google.com/a/owasp.org and some OWASP's
> projects are now using Google Code). In fact, our last US conference was
> originally supposed to be hosted at Google's HQ, but it was logistically not
> possible, so we ended up at Ebay's.
>
>
>  So, here are the questions that I would like to ask you:
>
> Given that OWASP already has a fully mature sponsorship program, would it be
> possible (for the most suitable proposals) to use a Google Summer of
> Code sponsorship for the same project sponsored by the OWASP Summer of Code
> 2008? (we usually give sponsorships between $2,500 and $5,000).
>
> Although we put no limitations to the type of application that can be
> submitted, for the current initiative we are being more specific and are
> encouraging projects that fit areas we feel need to be addressed (see
> http://www.owasp.org/index.php/OWASP_Request_for_Proposal_List for a list of
> those projects/areas). Clearly some of these are major activities which
> require as much resources as possible working on them. Hence, it would be
> very beneficial if we could co-sponsor the successful applications.
>
> We try to be as transparent as possible with our selection criteria (see
> http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Jury_and_Selection_Criteria).
> So as part of the applications' requirements we have mandated the public
> posting of all applications (see here for the first proposals for the
> current initiative
> http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications, here
> for the final list of the previous one
> http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications).
> After selection (by the OWASP board), all selection data will be published
> here: http://www.owasp.org/index.php/OWASP_Summer_0f_Code_2008_:_Selection
> so if we are to work together, do you want to also receive, rate and select
> the projects to sponsor, or do you want to re-use the choices made by OWASP?
> Can you advise us what is the best route forward?
> Should OWASP apply as an organization?
> (http://code.google.com/soc/2008/org_signup.html)
>
> Should OWASP help our applicants with a similar submission to the Google
> Summer of Code?
>
> Another interesting area in which we could work together would be the
> sponsorship of a couple projects focused on the security of Google's Summer
> of Code projects. Part of OWASP's efforts is to educate the developer
> community on secure coding best practices (see for example
> http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project and
> http://www.owasp.org/index.php/Category:OWASP_Testing_Project) and since the
> participants of the Google Summer of Code are the next generation of
> developers, there are lots of synergies that could be leveraged from
> OWASP/Google projects.
>
> Finally, due to OWASP's enormous growth over the last year, our current
> digital infrastructure needs to be reviewed, and given Google's move into
> providing such services (from web hosting, to email, to mailing lists, to
> document management, etc...) we would also like to talk to Google about the
> type of commercial services that Google can provide to OWASP.
>
> Thanks for your time, and please don't hesitate to contact us if you need
> further details or clarifications.
>
>  Best regards
>
>  Dinis Cruz
>  Chief OWASP Evangelist



-- 
Leslie Hawthorn
Program Manager - Open Source
Google Inc.

http://code.google.com/opensource/

I blog here:

http://google-opensource.blogspot.com - http://www.hawthornlandings.org
