[Owasp-leaders] Your input/ help requested for EC grant project proposal?

Seba seba at owasp.org
Thu May 2 11:36:55 UTC 2013

Hi Johanna,

Thanks for your valuable input. See the email below that I am sending to
people who want to be involved.
Feel free to update/adjust the material in the folder referenced below and
let me know how to improve it.

Can you send me your tel number and Skype id: we would very much appreciate
your help in the coming days and with the project (if awarded)

I have also copied your email below in the share folder (I hope this is ok
for you?).



Take a look at the share Google Drive folder:
and start with the "read me 1st" doc to get yourself acquainted with the

currently we need high level input in terms of:
1) project(s) you have in mind including in the proposal
2) what improvements you want to include as part of the proposal and how
they map on the EC project objective(s)
3) an estimation of workload/resources/budget required to deliver this
4) who will be involved in doing this: you and/or organisation(s)
5) if EUR expenses are expected, where will it be spend on (has to be
within EU)
6) any project risks you see in your contribution(s)

Kind regards


On Thu, May 2, 2013 at 12:03 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi  Samantha
> This is my(draft) proposal idea based on what I spoke with you. This is
> just a concept on how I think you can create the proposal and my knowledge
> about how EU funds work for this part. What I know from EU funds is that
> the grant is provided depending on the goals you have accomplished and you
> get your funding as far as you deliver what you originally planned.
> Project Main objectives:
> *To improve the Quality Assurance of the OWASP open source tools and
> documentation/ user manuals related to these tools.*
> For the project period, we need to determine specific goals with project
> leaders .Most probably they have already identified  the highest priorities
> within their projects.It will be great if each project leader can send you
> a list of their improvement areas so the plan becomes concrete.
>  Right now we are very depended on volunteers and contributors to realize
> these improvements, but in this setup, we need to specify per projects
> which items require the most attention and then set them in a plan with a
> deliverable. Contributors will need to compromise to make this happen.This
> is the highest risk within the project.
> Project leaders will need to identify the specific areas where their
> project need the most work on this part. Once an inventory has been done, a
> specific budget could be allocated
> *Implementation plan
> *
> *Phase 1 (1 to 3 months)*:Evaluate the highest priorities for improvement
> within each OWASP project
> *
> *
> *Enhancement and bug fixing for Software projects *:Most projects , such
> as OWASP ZAP (for example) have a database of bugs ranking from higher to
> lower priority. The Project leader will need to identify which bugs need
> the fastest fix and using a scrum methodology we need to set this up in
> sprints to be able to deliver the fixes in a specific time.
> *
> *
> *Improve Documentation/ Video instructional videos and User manuals:*
> Make an inventory of the necessary documentation per project and their
> need of improvement. Create a budget for copy writers/editors or technical
> writers to help on this part
> *Visually Enhancement and editing of Instructional materials (such as
> Code review guide):*
> I think a nice design & editing can make this books look more appealing to
> readers
> *Get new contributors:*
>    - Recruit Contributors at Universities:Projects such as Google of
>    summer of code help to find new contributors, but in the case of this
>    project, we can look to team up with research students at different
>    universities. Part of this goal is to get candidates in their final year
>    who need a project to work on and OWASP can offer a platform for research
>    and development.Part of the budget could go to promote this activity. I
>    thinkis wise to allocate budget for promotional activities within
>    universities to recruit students
>    - Recruit contributors at Security Conferences:I think this is already
>    been done, but you can setup part of the budget for this activity within
>    the grant
> *
> *
> Phase 2( 6 months - 1 year): Planning & Execution*
> *
> *Define a time-plan of deliverable*
> Once the priorities has been identified within each project, it will be
> determined together with the project leader , a time planning with specific
> deliverable.
> Code Review Guide  has  a clear plan already for example, so you just need
> to add this on the project, also you could allocate more budget for Layout
> and design(just an idea)
> Software project Example:
> OWASP ZAP new report module improvement
> goal: create new reports (x, y, z) with visually appealing charts etc...
> Add new formats (PDF)
> Development: Sprint 1, Sprint 2, Sprint X...
>  User Functional Test period: 3 weeks...
> User Acceptance Test: 2 weeks
> Project time : 3 months
> *
> *
> *Execute plan*
> During a period of 7 months to 1 year, will team up with project leaders
> to deliver the goals setup in the plan.
> Phase 3( 6 months -to 1 year)
> Documentation & User manuals/ Video instructional videos after software
> improvements
> I think this is a big area that most tools can use since I think
> contributors dedicate a big deal in creating the tools but little in
> updating and improving user manuals, especially for first time users.
> Here, again based on the improvements done on the software tools/ manuals,
> we can allocate a budget for this each section.
> After having make improvements and changes in the software, the necessary
> update in manuals (maybe hire a graphic designer/ Video Editor) to make
> this more appealing. I think OWASP should consider that making
> documentation visual appealing is a very important part of getting the
> software appeal to more target groups.
> Phase 4 : Evaluation
> This is also important. In the end, we need to evaluate if we reached the
> goals originally setup and how far did we get.
> Let me know what you think of. Hope these ideas match the goals for this
> project and we can all benefit on this part. Count on me to contribute as
> part-time project manager to realize these goals in the proposal
> Best regards
> Johanna
> On Wed, May 1, 2013 at 1:40 PM, Seba <seba at owasp.org> wrote:
>> Dear All,
>> warning: big email - requests for you at the bottom :-)
>> In the last weeks we (Samantha and myself) have researched to partner
>> with LSEC (an independent not-for-profit network organisation uniting a
>> variety of experts of IT security, details on www.lsec.be) in Belgium to
>> respond to a call for projects from the European Commission (EC) within the
>> ICT PSP Competitiveness and Innovation Framework Programme (CIP) 2013, as
>> part of the EC Europe 2020 Strategy (details on http://ec.europa.eu/cip/with the call for projects on
>> http://ec.europa.eu/research/participants/portal/page/call_CIP).
>> The OWASP Europe legal entity will be used for this.
>> This is a project under Call 4, Trusted eServices, for the protection of
>> websites against attacks and stimulating the uptake of innovative ICT based
>> services and products. Which falls right within the OWASP body of knowledge.
>> The proposal should be submitted by mid-May, and upon positive evaluation
>> in May and June, could be awarded in July – September after a negotiation
>> process with the EC.
>> The project is set to start not before December 2013, with preparations
>> already starting Q4 2012.
>> Besides LSEC and OWASP the consortium consists of partners from industry
>> and government agencies including Atos (Spain),EII (Italy), ECO (Germany),
>> CERT.RO (Romania), XLAB (Slovakia) and also involves Academic partners
>> e.g. University of Leuven.
>> The EC will be funding the project up to 2.5 mio €, the partners in the
>> consortium should be funding the project for an amount equal to the
>> requested contribution from the EC. (50% financed by the EC).
>> This means we can:
>> 1) cover already foreseen costs from OWASP staff and projects (e.g. time
>> of Samantha and possibly a to be hired extra part time technical project
>> support contractor in Europe)
>> 2) double any projected investments/sponsoring in OWASP projects within
>> the coming 2,5 years
>> when these can be aligned with the EC project scope and can be spend
>> within Europe.
>> Samantha and myself are currently working on outlining the OWASP
>> involvement in a couple of work packages, covering topics as:
>> 1) Analysis of vulnerabilities in web applications
>> 2) Identification and classification of Vulnerabilities, risks and
>> challenges in web applications
>> 3) Development and improving tools and processes to protect web
>> applications
>> 4) Assistance in deploying web application security controls in
>> development/acquisition processes of web applications
>> 5) Verification of these controls
>> 6) Dissemination and promotion of the above
>> The main objective is to have better protection of business and website
>> owners against cyber-attacks against their websites, affecting their
>> business and reputation and reducing the risk of spreading malware.
>> Increasing the security of users and consumers by reducing the security
>> threats created by malicious websites.
>> Requests to you as project/chapter leaders:
>> 1) Will/can you participate in this series of projects as part of the EC
>> funding?
>> If YES let us know if you:
>> a) spare a few cycles and provide immediate input into the work packages
>> mentioned above?
>> b) want to be listed as project / project leader that will participate
>> later in the EC project?
>> 2) Request for ideas / projects that can be integrated in the EC project,
>> examples are OWASP Top 10 for European SMEs, detailed taxonomy of SME web
>> application risks, vulnerabilities and countermeasures, tool
>> development/ready to install packaging of ESAPI, ModSecurity rulesets,
>> AppSensor, specific acquisition guidelines, testing tools & methodologies,
>> SAMM for SMEs, …. ?
>> 3) Request for project leaders / volunteers to align (part of) your
>> activities and project investments (time and funding) with the EC project
>> and funding?
>> We will need your input in the coming week for it to be integrated in the
>> current proposal.
>> *Counting on your support.*
>> *Kind regards,*
>> *
>> *
>> *Seba / Samantha*
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130502/ef244cbb/attachment-0001.html>

More information about the OWASP-Leaders mailing list