[Owasp-board] Fwd: OWASP SoC

dinis cruz dinis.cruz at owasp.org
Wed Mar 19 15:24:29 UTC 2008

Hi Bernardo

Great to hear about your new born baby

Regarding your comments:

  - I've removed your from the Projects page (no problems, it's good to
clarify where things are). The 'notinsanjose' user was actually me during
the last OWASP Conference in San Jose :)  . I used that as an example during
my keynote speech of  how easy it is to edit our WIKI
  - Regarding the advantages of becoming an OWASP project, that is something
that we are working hard at increasing. As you can see from
plan is that in addition to being exposed to the OWASP community,
an OWASP project will signify: quality, maturity (documentation, installs,
etc...) and security (code reviews, peer review, etc...)
  - On you application to SoC, you are of course open to submit a proposal,
and your past delivery record will help in the selection process. The only
caveat I would like to add is that we are giving preference to OWASP
projects, so the number of applications might have an impact on your
  - finally on the budget for you SoC, as you clearly explain, it makes
total sense to propose a sponsorship value to your proposal (i.e. the answer
is YES, you can submit a predefined budget).

Looking forward to reviewing your proposal

Dinis Cruz
Chief OWASP Evangelist

On Wed, Mar 19, 2008 at 2:25 PM, Bernardo Damele <bernardo.damele at gmail.com>

> Hash: SHA1
> Hi Dinis and Paulo,
> first of all sorry for the late reply. I've been quite busy in the last
> months with my newborn daughter ;)
> dinis cruz wrote:
> > ...
> > I (with Paulo Coimbra) was responsible for the last Season of Code OWASP
> > sponsorship initiative (SpoC 07, see
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007) where Bernardo
> > Damele was sponsored with 2,500 USD to continue the development of
> > SqlMap (see
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_:_Selection and
> > http://www.owasp.org/index.php/SpoC_007_-_SqlMap and
> > http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page)
> Exactly, it was a success and I am glad to all of you for giving me the
> possibility to continue the sqlmap development within the SpoC.
> > ...
> > SqlMap is a variation of this since it's main page is hosted outside
> > OWASP.org (http://sqlmap.sourceforge.net/) and I can't remember who
> > added that link to the main OWASP project's page (it might have even
> > been me, since the expectation with SpoC 07 was that the
> > non-OWASP-originated project's sponsored would become OWASP projects).
> Yes, sqlmap is currently *not* an OWASP Project.
> It has been added by username 'Notinsanjose' to the OWASP Projects[1]
> page, but I've no idea who he is.
> > Ultimately that is Bernardo's decision and he needs to  chose (or not)
> > to join OWASP project's family (would take 30s to remove that link from
> > that page). For reference we are making substantial changes to our
> > definition of and 'OWASP Project' and the criteria we use to classify
> > and rate projects (see
> > http://www.owasp.org/index.php/Category:OWASP_Project_Assessment).
> > ...
> I see.
> I, together with Daniele Bellucci (sqlmap project founder), decided to
> keep sqlmap an indepentent project hosted at SourceForge.net for the
> moment, so could you please remove it from the OWASP Projects? I do not
> want people to get confused.
> In the long run, maybe we might change idea. We are both open to talk
> about the advantages for us and you as an organization to have sqlmap
> listed officially as an OWASP Project.
> > ...
> > All I would say is that
> > the selection criteria is designed to give some priority to current (or
> > soon to be) OWASP projects
> > (
> http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Jury_and_Selection_Criteria
> ).
> > Not to say that it is mandatory for sponsorship that connection, but it
> > will help :)
> Ok, I get your point.
> If you consider that sqlmap was accepted to SpoC 2007 with nine new
> features, all accomplished within the deadline, and that we are probably
> going to  candidate sqlmap to the SoC 2008 with even more features (in
> both quality and quantity) that none of the 21 existing open source SQL
> injections tools have all in one (some features none of the other tools
> have at all), I am sure you'll consider to accept sqlmap also for this
> content and we will accomplish our goals within the deadline again.
> > Let me know if you have further questions or need any help (for SpoC
> > issues Paulo Coimbra should be your first point of contact (CCing me))
> > ...
> Yes, we have one question: would it be possible to candidate sqlmap for
> the SoC 2008 within a predefined budget or the budget is only up to the
> OWASP Board? Do not get me wrong, I ask this because I would like to
> know what you'd like to see in sqlmap and how much "weight" you'll give
> to each of the features. If you want we can provide you with the
> features list before applying and we are open to discuss with you which
> feature to candidate, just let us know.
> Keep on the great work on OWASP and thanks again for the opportunity!
> [1]
> http://www.owasp.org/index.php?title=Category%3AOWASP_Project&diff=23363&oldid=20598
> Cheers,
> - --
> Bernardo Damele
> Email address: bernardo.damele (at) gmail.com
> Mobile number: +39 3493821385
> PGP Key ID: 0x05F5A30F
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> iD8DBQFH4SJldntYwQX1ow8RAiQhAJ9RJBMPo6C7TlXrcUmv0eeLhBFEowCfXGnS
> oZpDvY3SeRSscY+uipEVmiI=
> =kp/4
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080319/a60bf379/attachment-0002.html>

More information about the Owasp-board mailing list