[Owasp-board] Fwd: OWASP SoC

dinis cruz dinis.cruz at owasp.org
Wed Mar 19 15:24:29 UTC 2008


Hi Bernardo

Great to hear about your newborn baby

Regarding your comments:

  - I've removed you from the Projects page (no problems, it's good to
clarify where things are). The 'notinsanjose' user was actually me during
the last OWASP Conference in San Jose :). I used that as an example during
my keynote speech of how easy it is to edit our WIKI
  - Regarding the advantages of becoming an OWASP project, that is something
that we are working hard at increasing. As you can see from
http://www.owasp.org/index.php/Category:OWASP_Project_Assessment#Assessment_Scale_for_OWASP_TOOLS_Projects the
plan is that in addition to being exposed to the OWASP community, being
an OWASP project will signify: quality, maturity (documentation, installs,
etc...) and security (code reviews, peer review, etc...)
  - On your application to SoC, you are of course open to submit a proposal,
and your past delivery record will help in the selection process. The only
caveat I would like to add is that we are giving preference to OWASP
projects, so the number of applications might have an impact on your
chances.
  - Finally, on the budget for your SoC, as you clearly explain, it makes
total sense to propose a sponsorship value to your proposal (i.e. the answer
is YES, you can submit a predefined budget).

Looking forward to reviewing your proposal

Dinis Cruz
Chief OWASP Evangelist

On Wed, Mar 19, 2008 at 2:25 PM, Bernardo Damele <bernardo.damele at gmail.com>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Dinis and Paulo,
>
> first of all sorry for the late reply. I've been quite busy in the last
> months with my newborn daughter ;)
>
> dinis cruz wrote:
> > ...
> > I (with Paulo Coimbra) was responsible for the last Season of Code OWASP
> > sponsorship initiative (SpoC 07, see
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007) where Bernardo
> > Damele was sponsored with 2,500 USD to continue the development of
> > SqlMap (see
> > http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_:_Selection and
> > http://www.owasp.org/index.php/SpoC_007_-_SqlMap and
> > http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page)
>
> Exactly, it was a success and I am glad to all of you for giving me the
> possibility to continue the sqlmap development within the SpoC.
>
> > ...
> > SqlMap is a variation of this since its main page is hosted outside
> > OWASP.org (http://sqlmap.sourceforge.net/) and I can't remember who
> > added that link to the main OWASP project's page (it might have even
> > been me, since the expectation with SpoC 07 was that the
> > non-OWASP-originated projects sponsored would become OWASP projects).
>
> Yes, sqlmap is currently *not* an OWASP Project.
> It has been added by username 'Notinsanjose' to the OWASP Projects[1]
> page, but I've no idea who he is.
>
> > Ultimately that is Bernardo's decision and he needs to choose (or not)
> > to join OWASP project's family (would take 30s to remove that link from
> > that page). For reference we are making substantial changes to our
> > definition of an 'OWASP Project' and the criteria we use to classify
> > and rate projects (see
> > http://www.owasp.org/index.php/Category:OWASP_Project_Assessment).
> > ...
>
> I see.
> I, together with Daniele Bellucci (sqlmap project founder), decided to
> keep sqlmap an independent project hosted at SourceForge.net for the
> moment, so could you please remove it from the OWASP Projects? I do not
> want people to get confused.
> In the long run, maybe we might change idea. We are both open to talk
> about the advantages for us and you as an organization to have sqlmap
> listed officially as an OWASP Project.
>
> > ...
> > All I would say is that
> > the selection criteria is designed to give some priority to current (or
> > soon to be) OWASP projects
> > (http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Jury_and_Selection_Criteria).
> > Not to say that it is mandatory for sponsorship that connection, but it
> > will help :)
>
> Ok, I get your point.
> If you consider that sqlmap was accepted to SpoC 2007 with nine new
> features, all accomplished within the deadline, and that we are probably
> going to candidate sqlmap to the SoC 2008 with even more features (in
> both quality and quantity) that none of the 21 existing open source SQL
> injections tools have all in one (some features none of the other tools
> have at all), I am sure you'll consider to accept sqlmap also for this
> content and we will accomplish our goals within the deadline again.
>
> > Let me know if you have further questions or need any help (for SpoC
> > issues Paulo Coimbra should be your first point of contact (CCing me))
> > ...
>
> Yes, we have one question: would it be possible to candidate sqlmap for
> the SoC 2008 within a predefined budget or the budget is only up to the
> OWASP Board? Do not get me wrong, I ask this because I would like to
> know what you'd like to see in sqlmap and how much "weight" you'll give
> to each of the features. If you want we can provide you with the
> features list before applying and we are open to discuss with you which
> feature to candidate, just let us know.
>
> Keep on the great work on OWASP and thanks again for the opportunity!
>
> [1] http://www.owasp.org/index.php?title=Category%3AOWASP_Project&diff=23363&oldid=20598
>
> Cheers,
> - --
> Bernardo Damele
>
> Email address: bernardo.damele (at) gmail.com
> Mobile number: +39 3493821385
> PGP Key ID: 0x05F5A30F
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFH4SJldntYwQX1ow8RAiQhAJ9RJBMPo6C7TlXrcUmv0eeLhBFEowCfXGnS
> oZpDvY3SeRSscY+uipEVmiI=
> =kp/4
> -----END PGP SIGNATURE-----
>