GSoC

From OWASP
Revision as of 11:45, 23 February 2012 by Fabio.e.cerullo (Talk | contribs)

Jump to: navigation, search

All students and developers are welcome to participate in the Google Summer of Code 2012 program along with OWASP.

Here are the instructions on how to participate.

Instructions common to all participants

All participants should take a look at the Summer of Code Program Wiki every now and then to be informed about updates and advices. It is also important to read the Summer of Code FAQ, as it contains useful information. All participants will need a Google account in order to join the program. You'll save some time if you create one now.

Programming Language

While the majority of OWASP tools are developed using C++/Java, we do accept other languages, including (but not limited to) Python, Ruby and C#. C++ will be accepted for any project. Submissions and ideas for projects in any other language should specifically mention the choice.

Instructions for students

Students wishing to participate in Summer of Code must realise this is more than a mere formality. You will be required to produce code for the selected OWASP Project in 3 months. You will also take some resources from OWASP project leaders, who will dedicate a portion of their time to mentor you. Therefore, we'd like to have candidates who are committed to helping OWASP mission. You don't have to be a proven developer -- in fact, this whole program is meant to facilitate joining OWASP and other Open Source communities. However, experience in coding and applications is welcome.

You should start familiarising yourself with the components that you plan on working on before the start date. OWASP developers are available on mailing lists for help. Note that the timeline from Google reserves a lot of time for bonding periods: use those periods wisely.

General instructions

First of all, please read the instructions common to all participants and the GSoC FAQ. Pay special attention to the Eligibility section of the FAQ.

Recommended steps

  • Read Google's instructions for participating
  • Take a look at the list of ideas
  • Come up with project that you're interested in
  • Write a first draft proposal and get someone to review it for you
  • Submit it using Google's web interface

Coming up with an interesting idea is probably the most difficult part of all. It should be something interesting for an OWASP Project, and more importantly for you. It also has to be something that you can realistically achieve in the time available to you.

Finding out what the most pressing issues are in the projects you're interested in is a good start. You can optionally join the mailing lists for that project: you can make acquaintance with developers and your potential mentor, as well as start learning the codebase. We recommend strongly doing that and we will look favourably on applications from students who have started to act like Open Source developers.

Student proposal guidelines

A project proposal is what you will be judged upon. So, as a general recommendation, write a clear proposal on what you plan to do, what your project is and what it is not, etc. Several websites now contain hints and other useful information on writing up such proposals. OWASP does not require a specific format or specific list of information, but there is an application template on the OWASP page in Google Melange with some specific points that you should address in your application:

  • Who are you? What are you studying?
  • What exactly do you intend to do? What will not be done?
  • Why are you the right person for this task?
  • To what extent are you familiar with the software you're proposing to work with? Have you used it? Have you read the source? Have * you modified the source?
  • How many hours are you going to work on this a week? 10? 20? 30? 40?
  • Do you have other commitments that we should know about? If so, please suggest a way to compensate if it will take much time away from Summer of Code.
  • Are you comfortable working independently under a supervisor or mentor who is several thousand miles away, not to mention 12 time zones away? How will you work with your mentor to track your work? Have you worked in this style before?
  • If your native language is not English, are you comfortable working closely with a supervisor whose native language is English? What is your native language, as that may help us find a mentor who has the same native language?
  • Where do you live, and can we assign a mentor who is local to you so you can meet in a coffee shop for lunch?

After you have written your proposal, you should get it reviewed. Do not rely on the OWASP mentors to do it for you via the web interface: they will only send back a proposal if they find it lacking. Instead, ask a colleague or a developer to do it for you.

Hints

Submit your proposal early: early submissions get more attention from developers for the simple fact that they have more time to dedicate to reading them. The more people see it, the more it'll get known.

Do not leave it all to the last minute: while it is Google that is operating the webserver, it would be wise to expect a last-minute overload on the server. So, make sure you send your application before the final rush. Also, note that the applications submitted very late will get the least attention from mentors, so you may get a low vote because of that.

Keep it simple: we don't need a 10-page essay on the project and on you (Google won't even let you submit a text that long). You just need to be concise and precise.

Know what you are talking about: the last thing we need is for students to submit ideas that cannot be accomplished realistically or ideas that aren't even remotely related to OWASP Projects. If your idea is unusual, be sure to explain why you have chosen OWASP to be your mentoring organisation.

Aim wide: submit more than one proposal, to different OWASP Projects. We also recommend submitting to more than one organisation too. This will increase your chances of being chosen.

The PostgreSQL project has also released a list of hints that you can take a look.