Projects Reboot 2012 - OWASP Eliminate Vulnerable Code

1)	Project name: OWASP Eliminate Vulnerable Code Project

2)	Description: The Eliminate Vulnerable Code Project is geared toward identifying and removing vulnerable code samples from the public domain. The project has 4 main areas of interest:

i)	Internet Web Forums

ii)	Educational Institutions

iii)	Printed Materials

iv)	Open source software

3)	Project Team Leader: Waqas Nazir. We already have about 15 contributors for the project.

4)	Reboot type: Type 1

5)	Goals of the reboot: The goals for the reboot are divided into the following main areas:

i)	Internet Web Forums: The Evc Probe scanner needs more rules so that it can scan code in other development languages. Currently it looks only for a small set of issues in .NET and Java code. The hope is to add 50 more checks.

ii)	Educational Institutions: Work with at least two educational institutions to review their software development curriculums to identify any insecure code being used to teach developers.

iii)	Printed Materials: Review at least one software development book to identify any insecure code being used as references.

iv)	Open source software: Identify 1 high-impact open source software to begin static analysis and manual review with the help of OWASP members.

v)	Prime sponsor: List OWASP as a prime sponsor on

6)	Timeline: The timeline for the aforementioned goals is as follows:

i)	Internet Web Forums:

50 % milestone = 25 new checks (August 30th, 2012).

100 % milestone = 50 new checks (September 15th, 2012).

ii)	Educational Institutions:

50 % milestone = work with and complete analysis of first curriculum

100 % milestone = work with and complete analysis of second curriculum

iii)	Printed Materials:

100 % milestone = Identify and work on one software development book to identify insecure code being used as reference.

iv)	Open source software:

50 % milestone = Identify 1 high-impact open source software for review and create the review team with OWASP leaders (August 15th, 2012).

100 % milestone = Document and complete initial analysis (September 30th, 2012).

v)	Prime sponsor: 100 % milestone = List OWASP as a prime sponsor on

7)	Budget:

USD 10 K for prime sponsorship of EVC Project.

Sponsorship benefits are listed here:

25 % of the funds will go for developing new checks for the Evc Probe scanner.

50 % of the funds will go for the development of the review process for educational institutions, printed materials, and open source software.

25 % will go towards organizing the reviews and co-ordination of the review activities.