[Owasp-leaders] Your input/ help requested for EC grant project proposal?
seba at owasp.org
Wed May 1 17:40:54 UTC 2013
warning: big email - requests for you at the bottom :-)
In the last weeks we (Samantha and myself) have researched to partner with
LSEC (an independent not-for-profit network organisation uniting a variety
of experts of IT security, details on www.lsec.be) in Belgium to respond to
a call for projects from the European Commission (EC) within the ICT PSP
Competitiveness and Innovation Framework Programme (CIP) 2013, as part of
the EC Europe 2020 Strategy (details on http://ec.europa.eu/cip/ with the
call for projects on
The OWASP Europe legal entity will be used for this.
This is a project under Call 4, Trusted eServices, for the protection of
websites against attacks and stimulating the uptake of innovative ICT based
services and products. Which falls right within the OWASP body of knowledge.
The proposal should be submitted by mid-May, and upon positive evaluation
in May and June, could be awarded in July – September after a negotiation
process with the EC.
The project is set to start not before December 2013, with preparations
already starting Q4 2012.
Besides LSEC and OWASP the consortium consists of partners from industry
and government agencies including Atos (Spain),EII (Italy), ECO (Germany),
CERT.RO (Romania), XLAB (Slovakia) and also involves Academic partners e.g.
University of Leuven.
The EC will be funding the project up to 2.5 mio €, the partners in the
consortium should be funding the project for an amount equal to the
requested contribution from the EC. (50% financed by the EC).
This means we can:
1) cover already foreseen costs from OWASP staff and projects (e.g. time of
Samantha and possibly a to be hired extra part time technical project
support contractor in Europe)
2) double any projected investments/sponsoring in OWASP projects within the
coming 2,5 years
when these can be aligned with the EC project scope and can be spend within
Samantha and myself are currently working on outlining the OWASP
involvement in a couple of work packages, covering topics as:
1) Analysis of vulnerabilities in web applications
2) Identification and classification of Vulnerabilities, risks and
challenges in web applications
3) Development and improving tools and processes to protect web applications
4) Assistance in deploying web application security controls in
development/acquisition processes of web applications
5) Verification of these controls
6) Dissemination and promotion of the above
The main objective is to have better protection of business and website
owners against cyber-attacks against their websites, affecting their
business and reputation and reducing the risk of spreading malware.
Increasing the security of users and consumers by reducing the security
threats created by malicious websites.
Requests to you as project/chapter leaders:
1) Will/can you participate in this series of projects as part of the EC
If YES let us know if you:
a) spare a few cycles and provide immediate input into the work packages
b) want to be listed as project / project leader that will participate
later in the EC project?
2) Request for ideas / projects that can be integrated in the EC project,
examples are OWASP Top 10 for European SMEs, detailed taxonomy of SME web
application risks, vulnerabilities and countermeasures, tool
development/ready to install packaging of ESAPI, ModSecurity rulesets,
AppSensor, specific acquisition guidelines, testing tools & methodologies,
SAMM for SMEs, …. ?
3) Request for project leaders / volunteers to align (part of) your
activities and project investments (time and funding) with the EC project
We will need your input in the coming week for it to be integrated in the
*Counting on your support.*
*Seba / Samantha*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders