[Owasp-leaders] Your input/ help requested for EC grant project proposal?
johanna curiel curiel
johanna.curiel at owasp.org
Thu May 2 10:03:06 UTC 2013
This is my (draft) proposal idea based on what I spoke with you. This is
just a concept on how I think you can create the proposal and my knowledge
about how EU funds work for this part. What I know from EU funds is that
the grant is provided depending on the goals you have accomplished and you
get your funding as far as you deliver what you originally planned.
Project Main objectives:
*To improve the Quality Assurance of the OWASP open source tools and
documentation/ user manuals related to these tools.*
For the project period, we need to determine specific goals with project
leaders. Most probably they have already identified the highest priorities
within their projects. It will be great if each project leader can send you
a list of their improvement areas so the plan becomes concrete.
Right now we are very dependent on volunteers and contributors to realize
these improvements, but in this setup, we need to specify per project
which items require the most attention and then set them in a plan with a
deliverable. Contributors will need to compromise to make this happen. This
is the highest risk within the project.
Project leaders will need to identify the specific areas where their
project needs the most work on this part. Once an inventory has been done, a
specific budget could be allocated.
*Phase 1 (1 to 3 months)*: Evaluate the highest priorities for improvement
within each OWASP project
*Enhancement and bug fixing for Software projects*: Most projects, such as
OWASP ZAP (for example), have a database of bugs ranking from higher to
lower priority. The Project leader will need to identify which bugs need
the fastest fix and using a scrum methodology we need to set this up in
sprints to be able to deliver the fixes in a specific time.
*Improve Documentation/ Video instructional videos and User manuals:*
Make an inventory of the necessary documentation per project and their need
of improvement. Create a budget for copy writers/editors or technical
writers to help on this part
*Visually Enhancement and editing of Instructional materials (such as Code
I think a nice design & editing can make these books look more appealing to
*Get new contributors:*
- Recruit Contributors at Universities: Projects such as Google Summer
of Code help to find new contributors, but in the case of this project, we
can look to team up with research students at different universities. Part
of this goal is to get candidates in their final year who need a project to
work on and OWASP can offer a platform for research and development. Part of
the budget could go to promote this activity. I think it is wise to allocate
budget for promotional activities within universities to recruit students
- Recruit contributors at Security Conferences: I think this is already
been done, but you can setup part of the budget for this activity within
*Phase 2 (6 months - 1 year): Planning & Execution*
*Define a time-plan of deliverable*
Once the priorities have been identified within each project, it will be
determined together with the project leader, a time planning with specific
Code Review Guide has a clear plan already for example, so you just need
to add this on the project, also you could allocate more budget for Layout
and design (just an idea)
Software project Example:
OWASP ZAP new report module improvement
goal: create new reports (x, y, z) with visually appealing charts etc...
Add new formats (PDF)
Development: Sprint 1, Sprint 2, Sprint X...
User Functional Test period: 3 weeks...
User Acceptance Test: 2 weeks
Project time : 3 months
During a period of 7 months to 1 year, we will team up with project leaders to
deliver the goals setup in the plan.
Phase 3 (6 months to 1 year)
Documentation & User manuals/ Video instructional videos after software
I think this is a big area that most tools can use since I think
contributors dedicate a big deal in creating the tools but little in
updating and improving user manuals, especially for first time users.
Here, again based on the improvements done on the software tools/ manuals,
we can allocate a budget for this each section.
After having made improvements and changes in the software, the necessary
update in manuals (maybe hire a graphic designer/ Video Editor) to make
this more appealing. I think OWASP should consider that making
documentation visually appealing is a very important part of getting the
software to appeal to more target groups.
Phase 4 : Evaluation
This is also important. In the end, we need to evaluate if we reached the
goals originally setup and how far did we get.
Let me know what you think of. Hope these ideas match the goals for this
project and we can all benefit on this part. Count on me to contribute as
part-time project manager to realize these goals in the proposal.
On Wed, May 1, 2013 at 1:40 PM, Seba <seba at owasp.org> wrote:
> Dear All,
> warning: big email - requests for you at the bottom :-)
> In the last weeks we (Samantha and myself) have researched to partner with
> LSEC (an independent not-for-profit network organisation uniting a variety
> of experts of IT security, details on www.lsec.be) in Belgium to respond
> to a call for projects from the European Commission (EC) within the ICT PSP
> Competitiveness and Innovation Framework Programme (CIP) 2013, as part of
> the EC Europe 2020 Strategy (details on http://ec.europa.eu/cip/ with the
> call for projects on
> The OWASP Europe legal entity will be used for this.
> This is a project under Call 4, Trusted eServices, for the protection of
> websites against attacks and stimulating the uptake of innovative ICT based
> services and products. Which falls right within the OWASP body of knowledge.
> The proposal should be submitted by mid-May, and upon positive evaluation
> in May and June, could be awarded in July – September after a negotiation
> process with the EC.
> The project is set to start not before December 2013, with preparations
> already starting Q4 2012.
> Besides LSEC and OWASP the consortium consists of partners from industry
> and government agencies including Atos (Spain), EII (Italy), ECO (Germany),
> CERT.RO (Romania), XLAB (Slovakia) and also involves Academic partners
> e.g. University of Leuven.
> The EC will be funding the project up to 2.5 mio €, the partners in the
> consortium should be funding the project for an amount equal to the
> requested contribution from the EC. (50% financed by the EC).
> This means we can:
> 1) cover already foreseen costs from OWASP staff and projects (e.g. time
> of Samantha and possibly a to be hired extra part time technical project
> support contractor in Europe)
> 2) double any projected investments/sponsoring in OWASP projects within
> the coming 2,5 years
> when these can be aligned with the EC project scope and can be spent
> within Europe.
> Samantha and myself are currently working on outlining the OWASP
> involvement in a couple of work packages, covering topics as:
> 1) Analysis of vulnerabilities in web applications
> 2) Identification and classification of Vulnerabilities, risks and
> challenges in web applications
> 3) Development and improving tools and processes to protect web
> 4) Assistance in deploying web application security controls in
> development/acquisition processes of web applications
> 5) Verification of these controls
> 6) Dissemination and promotion of the above
> The main objective is to have better protection of business and website
> owners against cyber-attacks against their websites, affecting their
> business and reputation and reducing the risk of spreading malware.
> Increasing the security of users and consumers by reducing the security
> threats created by malicious websites.
> Requests to you as project/chapter leaders:
> 1) Will/can you participate in this series of projects as part of the EC
> If YES let us know if you:
> a) spare a few cycles and provide immediate input into the work packages
> mentioned above?
> b) want to be listed as project / project leader that will participate
> later in the EC project?
> 2) Request for ideas / projects that can be integrated in the EC project,
> examples are OWASP Top 10 for European SMEs, detailed taxonomy of SME web
> application risks, vulnerabilities and countermeasures, tool
> development/ready to install packaging of ESAPI, ModSecurity rulesets,
> AppSensor, specific acquisition guidelines, testing tools & methodologies,
> SAMM for SMEs, …. ?
> 3) Request for project leaders / volunteers to align (part of) your
> activities and project investments (time and funding) with the EC project
> and funding?
> We will need your input in the coming week for it to be integrated in the
> current proposal.
> *Counting on your support.*
> *Kind regards,*
> *Seba / Samantha*