[Owasp-board] SWAMP+OWASP plan proposal integrated into QA project

Eoin Keary eoin.keary at owasp.org
Sun Jun 8 12:19:35 UTC 2014

Similar to the guide grants for code review, Dev guide and testing guide I don't believe there are any restrictions. 

The funds are to develop the projects rather than pay individual people.

Might be best to clarify with DHS/Kevin Green?

Eoin Keary
Owasp Global Board
+353 87 977 2988

On 8 Jun 2014, at 13:15, johanna curiel curiel <johanna.curiel at owasp.org> wrote:

> Hi Board
> Enrico had some questions regarding getting a grant through DHS. Please feel free to comment to further clarify my answers.
> On Fri, Jun 6, 2014 at 6:27 PM, Enrico Branca <enrico.branca at owasp.org> wrote:
>> Hi Johanna,
>> Thank you for the links as I missed some details.
>> As usual I have some questions:
>> - can people outside USA participate/contribute?
> I think so. I don't think we are limited to location since OWASP is a foundation established in the US. The management of the grant in administration terms is something that I think must be done from the foundation and not an individual. So you directly might not apply, but through OWASP.
>> - if we participate and the project is worthy of a grant can
>> people/groups outside us receive it through owasp?
> My experience with grants is that they are very strict about how to manage your budget. Most of the time it is required that you pre-finance the project and later on declare the costs. If the costs do not match the original funding purpose, you won't get that money back, therefore it is very important people understand how that money is spent and declared, and that this is done within the regulations of the grant. Again, the budget needs to be managed from OWASP once it gets paid and then you can receive that payment.
> This grant for example(see attached file)
> We as OWASP can participate because we match the mission/vision. Deadline is September. Let's try it!
>> - assuming somebody has tools to test for real software problems, but
>> industry is looking for a small subset of it because nobody wants to
>> know the hard problems, a supposed tool needs to follow the normal way
>> or is possible to actually do something useful to find bad problems?
> For grants, you need to match the mission/vision of your project with the grant program. If it does not match you won't get the grant.
> For example this grant:
> http://www.grants.gov/search-grants.html?fundingCategories%3DST%7CScience%20and%20Technology%20and%20other%20Research%20and%20Development
>> - assuming we have a tool able to detect bugs, and assuming is the only
>> tool available for doing that in a specific language, what happens if
>> lots of bugs are found in current software? are they disclosed without
>> restrictions? all remain inside dhs? any idea?
> Good questions, SWAMP has the possibility to test and let the tool be "private". But I will confirm this info with them.
>> I have a very good idea of what is needed as I am working on a similar
>> project and actually already have half of what is required, but before
>> contributing I would like to have a very clear idea on the boundaries of
>> the scope as for European professional working in security this can be
>> very dangerous.
> Well indeed, we need legal advice here. Like a while ago I thought of a tool to use social engineering and programming to break passwords. My brother said to me I should be careful with that kind of tool because it can get me in trouble. So we need advice in order to know we don't cross the legal boundaries.
>> Let me know if you have more info about this or more documentation I can
>> read as I am really interested.
> see attached file
> http://www.dhs.gov/dhs-financial-assistance
>> Regards,
>> Enrico
>> On 06/06/2014 23:46, johanna curiel curiel wrote:
>> > I have created a proposal in the wiki for how we will integrate OWASP tools
>> > into the SWAMP
>> >
>> > Phase one==> Starting next week
>> > https://www.owasp.org/index.php/SWAMP_OWASP
>> >
>> > https://www.owasp.org/index.php/Proposal_Project_Review_QA_Approach#Code_Analysis_and_Continuous_Assurance_using_SWAMP
>> >
>> > I think this can serve us for further discussions with DHS SWAMP.
>> >
>> > Let me know your thoughts on this
>> >
>> > regards
>> >
>> > Johanna
>> >
> <GRANTS-opportunities.pdf>