[Owasp-board] FW: FW: Fwd: Google & OWASP Summer of Code 2008 - can we work together?
dinis.cruz at owasp.org
Mon Mar 17 11:04:55 UTC 2008
I did forward that email to Matt Moore (ex-Oracle) so it's good to see that
he acted on it :)
Let's give them a couple more days and see what happens next
On Mon, Mar 17, 2008 at 12:45 AM, Dave Wichers <dave.wichers at owasp.org>
> I guess there is some hope that Google will respond favorably to our
> Google summer of code submission.
> Stay tuned.
> -----Original Message-----
> From: Matt Sommer [mailto:mms at google.com]
> Sent: Friday, March 14, 2008 2:51 PM
> To: Dave Wichers
> Cc: Matt Moore
> Subject: Re: FW: [Owasp-board] Fwd: Google & OWASP Summer of Code 2008 -
> can we work together?
> Hey Dave,
> I saw this! Got the forward from my new boss (Matt Moore, who knows
> Dinis from London apparently). Matt and I are chatting...
> On Wed, Mar 12, 2008 at 5:03 PM, Dave Wichers <dave.wichers at owasp.org>
> > Matt,
> > We just submitted this and hope we get a positive response. If you can
> > in a good word for us, that would be great. Do you know Chris or Leslie,
> > anyone else heavily involved in the Google Summer of Code effort?
> > Thanks, Dave
> > p.s. OWASP now has 2 employees. :-) Making progress …
> > ---------- Forwarded message ----------
> > From: dinis cruz <dinis.cruz at owasp.org>
> > Date: Wed, Mar 12, 2008 at 11:14 PM
> > Subject: Google & OWASP Summer of Code 2008 - can we work together?
> > To: lhospo at gmail.com, cdibona at gmail.com
> > Cc: OWASP Board <owasp-board at lists.owasp.org>, Jeff Williams
> > <jeff.williams at owasp.org>, Dave Wichers <dave.wichers at owasp.org>, Paulo
> > Coimbra <paulo.coimbra at owasp.org>
> > Hello Chris and Leslie (got your details from
> > http://groups.google.com/groups/profile).
> > As 'Program Manager - Open Source' (Leslie Hawthorn) and 'Open Source
> > Programs Manager' (Chris DiBona) I believe you are the persons we
> > need to talk to at Google.
> > I'm Dinis Cruz and I am representing the OWASP (Open Web Application
> > Security Project) who I hope you have come across before (I think me and
> > Chris swapped some emails a couple years ago).
> > OWASP is focused on Web Application Security and you can see more
> > about us on our website http://www.owasp.org
> > (http://www.owasp.org/index.php/About_OWASP). OWASP manages numerous
> > Source projects (http://www.owasp.org/index.php/Category:OWASP_Project)
> > is represented through the world via our chapters
> > (http://www.owasp.org/index.php/Category:OWASP_Chapter) and regular
> > conferences
> > (http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference). We
> > recently started publishing (as books) the best documents created by the
> > OWASP documentation projects: http://stores.lulu.com/owasp
> > Although OWASP is a non-for-profit organization, we use the revenue
> > generated by our conferences and our members' fees
> > (http://www.owasp.org/index.php/Membership#Current_OWASP_Members) to
> > Open Source and OWASP projects with a sponsorship similar to your Google
> > Summer of Code.
> > In the last two years we have successfully managed two OWASP Seasons of
> > Code:
> > OWASP Spring of Code 2007 -
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007 (SpoC 07), in
> > 21 projects were sponsored with a budget of US$117,500,
> > see http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_:_Selection for
> > a project list & 'sponsorship value' and
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_-_Projects for
> > final deliverables
> > OWASP Autumn of Code 2006 -
> > http://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006 (AoC 06), in
> > 9 projects were sponsored with a budget of US$20,000.
> > Earlier this month, we launched our 3rd sponsorship initiative called
> > OWASP Summer of Code 2008:
> > http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
> > One note that I would like to make is the tremendous value-for-money
> > we (at OWASP) have with our sponsorship model. Since all information is
> > (from proposal to deliverables) and exposed for peer review, we are able
> > only 'pay for what is delivered' (this in practice means that 'below
> > average' projects tend to be dropped by the sponsored candidates).
> > A practice that worked very well, was to accept a higher number of
> > proposals, since we found that:
> > there is a natural 10% to 20% cancellation rate (author could not
> > the proposed project), but
> > some projects massively over-deliver. See for example the work done on
> > OWASP Testing Guide
> > (
> > and the OWASP Top 10 for Ruby on Rails (see book
> > http://www.lulu.com/content/1412042 and project page
> > )
> > Final comment on this OWASP introduction. Using help obtained via Google
> > employees we met at past OWASP conferences, we have started to move some
> > OWASP's infrastructure to Google's web based services (owasp.org email
> > example is now hosted at mail.google.com/a/owasp.org and some OWASP's
> > projects are now using Google Code). In fact, our last US conference was
> > originally supposed to be hosted at Google's HQ, but it was logistically
> > possible, so we ended up at Ebay's.
> > So, here are the questions that I would like to ask you:
> > Given that OWASP already has a fully mature sponsorship program, would it be
> > possible to (for the most suitable proposals) to use a Google's Summer
> > Code sponsorship for the same project sponsored by the OWASP Summer of
> > 2008? (we usually give sponsorships between $2,500 and $5,000).
> > Although we put no limitations to the type of application that can be
> > submitted, for the current initiative we are being more specific and are
> > encouraging projects that fit areas we feel need to be addressed (see
> > http://www.owasp.org/index.php/OWASP_Request_for_Proposal_List for a list of
> > those projects/areas). Clearly some of these are major activities which
> > require as much resources as possible working on them. Hence, it would
> > very beneficial if we could co-sponsor the successful applications.
> > We try to be as transparent as possible with our selection criteria (see
> > So as part of the applications' requirements we have mandated the public
> > posting of all applications (see here for the first proposals for the
> > current initiative
> > http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications ,
> > for the final list of the previous one
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications) .
> > After selection (by the OWASP board), all selection data will be
> > here:
> > so if we are to work together, do you want to also receive, rate and
> > the projects to sponsor, or do you want to re-use the choices made by
> > Can you advise us what is the best route forward?
> > Should OWASP apply as an organization?
> > (http://code.google.com/soc/2008/org_signup.html)
> > Should OWASP help our applicants with a similar submission to the Google
> > Summer of Code?
> > Another interesting area in which we could work together would be the
> > sponsorship of a couple projects focused on the security of Google's
> > of Code projects. Part of OWASP's efforts is to educate the developer
> > community on secure coding best practices (see for example
> > http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project and
> > http://www.owasp.org/index.php/Category:OWASP_Testing_Project) and since
> > participants of the Google Summer of Code are the next generation of
> > developers, there are lots of synergies that could be leveraged from
> > OWASP/Google projects.
> > Finally, due to OWASP's enormous growth over the last year, our current
> > digital infrastructure needs to be reviewed, and given Google's move
> > providing such services (from web hosting, to email, to mailing lists,
> > document management, etc...) we would also like to talk to Google about
> > type of commercial services that Google can provide to OWASP.
> > Thanks for your time, and please don't hesitate to contact us if you
> > further details or clarifications.
> > Best regards
> > Dinis Cruz
> > Chief OWASP Evangelist