OWASP Spring Of Code 2007

Main Links

 * OWASP Spring Of Code 2007 - main page
 * OWASP Spring Of Code 2007 : Press Release - The press release
 * OWASP Spring Of Code 2007 : Selection - The selection criteria and links to each selected project page

Updates

 * 11 Mar 2007 - Submission period is Open!

Overview


The OWASP Spring of Code 2007 (SpoC 007) aims at financially sponsoring contributions to OWASP Projects. SpoC 007 follows up the successful OWASP Autumn Of Code 2006 in which 9 projects were boosted to the next level.

The objective is to improve the selected OWASP projects to the level of completeness and professionalism required for their wide use and deployment. To support this second phase we will use funds generated by past conferences and membership fees. We will also ask OWASP members if they want to sponsor specific projects. SPI Dynamics will allocate their membership fees to the OWASP Site Generator (OSG) project. The initial budget will be $100,000 ($91k from OWASP and $9k from SPI Dynamics), plus any additional funds we get from potential contributors during the coming weeks.

We are also introducing some new stuff you will probably find interesting, such as 10 'Donations to Open Source projects' and the split into projects of different sizes.

The OWASP Spring Of Code 2007 was launched on the 12th of March 2007 (see OWASP Spring Of Code 2007 : Press Release) and is not connected to the Google Summer of Code.

For more details please contact Dinis Cruz (dinis.cruz@owasp.net) directly.

Project Overview (initial budget)
Note: OSG (OWASP Site Generator) will be at least $9K so it might be the large project, or it might be 2 Big projects. It just depends on what is proposed and the size of the team working on it.
 * $20,000 on 1 Large project
 * $40,000 on Big projects - 8 projects @ $5,000 each
 * $20,000 on Medium projects - 8 projects @ $2,500 each
 * $10,000 on 1 internship (at Aspect's offices)
 * $10,000 on Donations to Open Source projects: 10 donations of $1,000 each
 * Projects will be managed by the OWASP Project leader and by Andrew van der Stock, Jeff Williams or Dinis Cruz.
 * Payments will be made via PayPal in 2 stages: 50% halfway and 50% on completion.

10 Donations to Open Source projects
OWASP Members (and only the members) get to vote on the top 10 Open Source projects they use regularly and find really useful. OWASP gives each corporate member 10 points and individual members 1 point (any ideas on which website we should use for this?).

This would exclude OWASP projects since they can apply to SpoC. Naturally the payment would be made to the top 10 voted projects. The payment would be a no-strings attached "Thanks for the hard work in creating this tool (which is widely used and appreciated in the OWASP community) and please keep working on the next version".

Who can Apply
There are no geographical, age or any other form of restrictions on who can apply for an "OWASP Spring Of Code 2007" sponsorship.

The only requirement is that the candidate shows the potential to accomplish the project's objectives and the commitment to dedicate the time required to complete it in the allocated time frame (projects must be completed by 29th June 2007).

This means that current active OWASP Project contributors (including Project leaders) can apply (for obvious reasons, the only ones that can't apply are Dinis, Dave, Jeff and Andrew).

How To Participate
Pick a project from the list below, and send the following details to Dinis Cruz (dinis.cruz@owasp.net):


 * Your contact details
 * Which project you want to be involved in
 * Why you should be sponsored for the project
 * What are the objectives and deliverables

Project ideas: (to be reworked)


 * Help to Complete V2.0 of WebScarab and package it as product
 * Write more lessons for WebGoat, integrate it with SiteGenerator and release it as a product
 * Help to complete the 'Pantera Web Assessment Studio Project' and release it as a product
 * Complete the OWASP Top 10 2007
 * Complete the OWASP Testing Guide
 * Complete the 'OWASP membership pack'
 * Complete the 'OWASP Live CD'
 * OWASP Honeycomb Project: Normalize the CLASP and VulnCat data and help to release the Honeycomb user's guide
 * Complete all OWASP .Net web tools (ANSA, SAM'SHE, Asp.Net reflector, etc..) and release them as a product
 * Complete the project OWASP Site Generator and release it as a product
 * Complete the project OWASP Report Generator (ORG) and release it as a product
 * Organize the 'OWASP branding project' and make a 1st pass at the current abuses of the OWASP brand
 * Create Training materials for OWASP projects (from tools to guides)
 * WebMaster the Owasp.org website for 3 months and implement all missing functionality
 * Complete Dinis Cruz' research on .Net partial trust and create a Proof of Concept application showing how .Net's Partial Trust Sandbox can be used to mitigate against most Web Application Attacks (extra bonus points if a Java demo is also delivered :)
 * for more ideas see the current project list at OWASP Project

Schedule

 * 11th March – 'OWASP Spring of Code' initiative is officially launched
 * 23rd March - Deadline for project proposals
 * 2nd April - Publication of selected projects and start of SpoC projects
 * 10th May - Participants to report on project status (and receive payment of initial 50%)
 * 16th May - Update of Project status at the OWASP Conference in Italy
 * 29th June - Project Completion, participants to deliver final project report (and receive payment of final 50%)


 * 1st April - Start of Vote for the Donations to Open Source Projects
 * 30th April - End of Vote for the Donations to Open Source Projects
 * 17th May - Announcement of the winners of the '10 Donations to Open Source projects' at the OWASP Conference in Italy

How To Sponsor
If you (i.e. your company) have a particular requirement which a current OWASP project has the potential to fulfill, and you realize that it will be cheaper for you to sponsor that project with a couple of developers, please contact Dinis Cruz with your requirements, ideas, time-scales and budget.

The Rules bit

 * You will need to authorize OWASP to publicize your participation in the program and the results of the program for the purposes of executing on program logistics, including but not limited to announcements of accepted proposals, the text of the accepted proposal and the resulting code from work on the project. Additional details solicited by OWASP as part of the application process, including URLs for personal blogs, will be shared with the public with the accepted applicant's permission.
 * All project deliverables will be publicly hosted by OWASP.
 * All code / materials created by the participants must be released under an Open Source Initiative approved license. The participant may mirror development on her/his personal infrastructure at her/his option.
 * OWASP reserves the right, at its sole discretion, to revoke any and all privileges associated with participating in this program, and to take any other action it deems appropriate, for no reason or any reason whatsoever. OWASP reserves the right to cancel, terminate or modify the program if it is not capable of completion as planned for any reason.
 * Participants and OWASP are free to use the results, including code, of the OWASP Spring of Code Program in any way they choose provided it is not in conflict with the license under which the code was developed.
 * Basically, if you don't deliver you will NOT be paid.
 * No member of the OWASP board is allowed to apply for a SpoC sponsorship (Dinis, Dave, Andrew and Jeff).

The important bit

 * yes there will be a t-shirt available for all participants