[Owasp-board] FW: FW: Fwd: Google & OWASP Summer of Code 2008 - can we work together?

dinis cruz dinis.cruz at owasp.org
Mon Mar 17 11:04:55 UTC 2008


Cool

I did forward that email to Matt Moore (ex-Oracle) so it's good to see that
he acted on it :)

Let's give them a couple more days and see what happens next

Dinis

On Mon, Mar 17, 2008 at 12:45 AM, Dave Wichers <dave.wichers at owasp.org>
wrote:

> I guess there is some hope that Google will respond favorably to our
> Google summer of code submission.
>
> Stay tuned.
>
> -Dave
>
> -----Original Message-----
> From: Matt Sommer [mailto:mms at google.com]
> Sent: Friday, March 14, 2008 2:51 PM
> To: Dave Wichers
> Cc: Matt Moore
> Subject: Re: FW: [Owasp-board] Fwd: Google & OWASP Summer of Code 2008 -
> can we work together?
>
> Hey Dave,
>
> I saw this! Got the forward from my new boss (Matt Moore, who knows
> Dinis from London apparently). Matt and I are chatting...
>
> On Wed, Mar 12, 2008 at 5:03 PM, Dave Wichers <dave.wichers at owasp.org>
> wrote:
> >
> > Matt,
> >
> > We just submitted this and hope we get a positive response. If you can
> throw
> > in a good word for us, that would be great. Do you know Chris or Leslie,
> or
> > anyone else heavily involved in the Google Summer of Code effort?
> >
> > Thanks, Dave
> >
> > p.s. OWASP now has 2 employees. :-) Making progress …
> >
> > ---------- Forwarded message ----------
> >  From: dinis cruz <dinis.cruz at owasp.org>
> >  Date: Wed, Mar 12, 2008 at 11:14 PM
> >  Subject: Google & OWASP Summer of Code 2008 - can we work together?
> >  To: lhospo at gmail.com, cdibona at gmail.com
> >  Cc: OWASP Board <owasp-board at lists.owasp.org>, Jeff Williams
> > <jeff.williams at owasp.org>, Dave Wichers <dave.wichers at owasp.org>, Paulo
> > Coimbra <paulo.coimbra at owasp.org>
> >
> >
> >  Hello Chris and Leslie (got your details from
> > http://groups.google.com/groups/profile).
> >
> >  As 'Program Manager - Open Source' (Leslie Hawthorn) and  'Open Source
> > Programs Manager' (Chris DiBona) I believe you are the persons we
> (OWASP)
> > need to talk to at Google.
> >
> >  I'm Dinis Cruz and I am representing the OWASP (Open Web Application
> > Security Project) who I hope you have come across before (I think me and
> > Chris swapped some emails a couple years ago).
> >
> >  OWASP is focused on Web Application Security and you can see more
> details
> > about us on our website http://www.owasp.org
> > (http://www.owasp.org/index.php/About_OWASP). OWASP manages  numerous
> Open
> > Source projects (http://www.owasp.org/index.php/Category:OWASP_Project)
> and
> > is represented through the world via our chapters
> > (http://www.owasp.org/index.php/Category:OWASP_Chapter) and regular
> > conferences
> > (http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference). We
> also
> > recently started publishing (as books) the best documents created by the
> > OWASP documentation projects: http://stores.lulu.com/owasp
> >
> >  Although OWASP is a not-for-profit organization, we use the revenue
> > generated by our conferences and our members' fees
> > (http://www.owasp.org/index.php/Membership#Current_OWASP_Members) to
> support
> > Open Source and OWASP projects with a sponsorship similar to your Google
> > Summer of Code.
> >
> >  In the last two years we have successfully managed two OWASP Seasons of
> > Code:
> >
> >
> > OWASP Spring of Code 2007 -
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007 (SpoC 07), in
> which
> > 21 projects were sponsored with a budget of US$117,500,
> >
> >
> > see http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_:_Selection for
> > a project list & 'sponsorship value'  and
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_-_Projects for
> the
> > final deliverables
> > OWASP Autumn of Code 2006 -
> > http://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006 (AoC 06), in
> which
> > 9 projects were sponsored with a budget of US$20,000.
> >
> >
> > Earlier this month, we launched our 3rd sponsorship initiative called
> the
> > OWASP Summer of Code 2008:
> > http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
> >
> >  One note that I would like to make is the tremendous value-for-money
> that
> > we (at OWASP) have with our sponsorship model. Since all information is
> open
> > (from proposal to deliverables) and exposed for peer review, we are able
> to
> > only 'pay for what is delivered' (this in practice means that 'below
> > average' projects tend to be dropped by the sponsored candidates).
> >
> >  A practice that worked very well, was to accept a higher number of
> > proposals, since we found that:
> >
> > there is a natural 10% to 20% cancellation rate (author could not
> deliver
> > the proposed project) , but
> > some projects massively over-deliver. See for example the work done on
> the
> > OWASP Testing Guide
> > (
> http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Testing_Guide
> )
> > and the OWASP Top 10 for Ruby on Rails (see book
> > http://www.lulu.com/content/1412042 and project page
> >
> http://www.owasp.org/index.php/SpoC_007_-_Web_Application_Security_put_into_practice
> > )
> >
> >
> >
> > Final comment on this OWASP introduction. Using help obtained via Google
> > employees we met at past OWASP conferences, we have started to move some
> of
> > OWASP's infrastructure to Google's web based services (owasp.org email
> for
> > example is now hosted at mail.google.com/a/owasp.org and some OWASP's
> > projects are now using Google Code). In fact, our last US conference was
> > originally supposed to be hosted at Google's HQ, but it was logistically
> not
> > possible, so we ended up at Ebay's.
> >
> >
> >
> >
> >  So, here are the questions that I would like to ask you:
> >
> >
> > Given that OWASP already has a fully mature sponsorship program, would
> it be
> > possible (for the most suitable proposals) to use a Google's Summer
> of
> > Code sponsorship for the same project sponsored by the OWASP Summer of
> Code
> > 2008? (we usually give sponsorships between $2,500 and $5,000).
> >
> > Although we put no limitations to the type of application that can be
> > submitted, for the current initiative we are being more specific and are
> > encouraging projects that fit areas we feel need to be addressed (see
> > http://www.owasp.org/index.php/OWASP_Request_for_Proposal_List for a
> list of
> > those projects/areas). Clearly some of these are major activities which
> > require as much resources as possible working on them. Hence, it would
> be
> > very beneficial if we could co-sponsor the successful applications.
> >
> >
> > We try to be as transparent as possible with our selection criteria (see
> >
> http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Jury_and_Selection_Criteria
> ).
> > So as part of the applications' requirements we have mandated the public
> > posting of all applications (see here for the first proposals for the
> > current initiative
> > http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications ,
> here
> > for the final list of the previous one
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications) .
> > After selection (by the OWASP board), all selection data will be
> published
> > here:
> http://www.owasp.org/index.php/OWASP_Summer_0f_Code_2008_:_Selection
> >
> >
> > so if we are to work together, do you want to also receive, rate and
> select
> > the projects to sponsor, or do you want to re-use the choices made by
> OWASP?
> >
> > Can you advise us what is the best route forward?
> >
> >
> > Should OWASP apply as an organization?
> > (http://code.google.com/soc/2008/org_signup.html)
> >
> >
> >
> > Should OWASP help our applicants with a similar submission to the Google
> > Summer of Code?
> >
> >
> > Another interesting area in which we could work together would be the
> > sponsorship of a couple projects  focused on the security of Google's
> Summer
> > of Code projects. Part of OWASP's efforts is to educate the developer
> > community on secure coding best practices (see for example
> > http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project and
> > http://www.owasp.org/index.php/Category:OWASP_Testing_Project) and since
> the
> > participants of the Google Summer of Code are the next generation of
> > developers, there are lots of  synergies that could be leveraged from
> > OWASP/Google projects.
> >
> > Finally, due to OWASP's enormous growth over the last year, our current
> > digital infrastructure needs to be reviewed, and given Google's move
> into
> > providing such services (from web hosting, to email, to mailing lists,
> to
> > document management, etc...) we would also like to talk to Google about
> the
> > type of commercial services that Google can provide to OWASP.
> >
> > Thanks for your time, and please don't hesitate to contact us if you
> need
> > further details or clarifications.
> >
> >  Best regards
> >
> >  Dinis Cruz
> >  Chief OWASP Evangelist
> >
> >
>
>
>
> --
> cheers,
>
> m.
>