Difference between revisions of "OWASP Summer of Code 2008"

From OWASP
Jump to: navigation, search
(Updates)
 
(28 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{|  
 
{|  
! width="500" align="left"|
+
! width="700" align="center" |  
! width="300" align="center" |  
+
 
! width="500" align="center" |  
 
! width="500" align="center" |  
 
|-
 
|-
| align="center"|__TOC__
 
 
| align="center"|[[Image:SoC 08 Logo.jpg]]
 
| align="center"|[[Image:SoC 08 Logo.jpg]]
 
| align="left"|
 
| align="left"|
* '''Main Links'''   
+
*'''MAIN LINKS'''   
 
* [[OWASP Summer of Code 2008 Press Release|Press Release]]   
 
* [[OWASP Summer of Code 2008 Press Release|Press Release]]   
 
* [http://owaspsoc2008.wordpress.com/ OWASP Summer of Code 2008 Blog]  
 
* [http://owaspsoc2008.wordpress.com/ OWASP Summer of Code 2008 Blog]  
 +
* [[OWASP Request for Proposal List|Request for Proposal List]]
 
* [[OWASP Summer of Code 2008 Applications|Applications]]  
 
* [[OWASP Summer of Code 2008 Applications|Applications]]  
 
* [[OWASP Summer 0f Code 2008 : Selection|Jury's evaluation/selection of applications]]  
 
* [[OWASP Summer 0f Code 2008 : Selection|Jury's evaluation/selection of applications]]  
 
* [[OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers|Approved projects, authors, status target and reviewers]]  
 
* [[OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers|Approved projects, authors, status target and reviewers]]  
 
* [[OWASP Summer of Code 2008 Projects - Half Term Payments|Half term payments]]  
 
* [[OWASP Summer of Code 2008 Projects - Half Term Payments|Half term payments]]  
* [[OWASP Summer of Code 2008 Projects - Project Completion Payments|Project Completion Payments]]
+
* [[OWASP Summer of Code 2008 Projects - Project Completion Payments|Project completion payments]]
 
* [[OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
 
* [[OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
 +
* [http://docs.google.com/Doc?id=dcn8962c_41hjg48kd4 Project's current status]
 
   |}
 
   |}
 +
<br>
 +
==== Projects ====
 +
{| class="wikitable" style="text-align:center"
 +
! width="800" height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''100% Completion Projects'''
 +
! width="400" align="CENTER" | '''Author'''
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Testing Project|OWASP Testing Guide v3]]'''
 +
| align="CENTER" | Matteo Meucci
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Ruby on Rails Security Guide V2|OWASP Ruby on Rails Security Guide v2]]'''
 +
| align="CENTER" | Heiko Webers
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Live CD 2008 Project|OWASP Live CD 2008 Project]]'''
 +
| align="CENTER" | Matt Tesauro
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Code Review Project|OWASP Code review guide, V1.1]]'''
 +
| align="CENTER" | Eoin Keary
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP AntiSamy Project .NET| OWASP AntiSamy .NET]]'''
 +
| align="CENTER" | Arshan Dabirsiaghi
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP .NET Project#OWASP .NET Project Leader|OWASP .NET Project Leader]]'''
 +
| align="CENTER" | Mark Roxberry
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE"|'''[[:Category:OWASP Source Code Review OWASP Projects Project|OWASP Source Code Review OWASP Projects]]'''
 +
| align="CENTER" | James Walden
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP AppSensor Project|OWASP AppSensor - Detect and Respond to Attacks from Within the Application]]'''
 +
| align="CENTER" | [mailto:michael.coates(at)aspectsecurity.com Michael Coates]
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Backend Security Project|OWASP Backend Security Project]]'''
 +
| align="CENTER" | Carlo Pelliccioni
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Securing WebGoat using ModSecurity Project|OWASP Securing WebGoat using ModSecurity]]'''
 +
| align="CENTER" | Stephen Evans
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Teachable Static Analysis Workbench Project|OWASP Teachable Static Analysis Workbench]]'''
 +
| align="CENTER" | [mailto:ddk(at)cs.msu.su Dmitry Kozlov] and Igor Konnov
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Access Control Rules Tester Project|OWASP Access Control Rules Tester]]'''
 +
| align="CENTER" | Andrew Petukhov
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Skavenger Project|OWASP Skavenger]]'''
 +
| align="CENTER" | [mailto:mro(at)securenet.de Matthias Rohr]
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP OpenSign Server Project|OWASP Online code signing and integrity verification service for open source community (OpenSign Server)]]'''
 +
| align="CENTER" | Phil Potisk and Richard Conway
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Code Crawler|OWASP Code Crawler ]]'''
 +
| align="CENTER" | Alessio Marziali
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp]]'''
 +
| align="CENTER" | Arturo 'Buanzo' Busleiman
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Application Security Verification Standard Project|OWASP Application Security Verification Standard]]'''
 +
| align="CENTER" | Mike Boberski
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Classic ASP Security Project|OWASP Classic ASP Security Project]]'''
 +
| align="CENTER" | Juan Carlos Calderon
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP JSP Testing Tool Project|OWASP UI Component Verification Project (a.k.a. OWASP JSP Testing Tool)]]'''
 +
| align="CENTER" | Jason Li
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Sqlibench Project|OWASP SQL Injector Benchmarking Project (SQLiBENCH)]]'''
 +
| align="CENTER" | [mailto:urgunb@hotmail.com Bedirhan Urgun] and [mailto:mesut@h-labs.org Mesut Timur]
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:OWASP Spanish|OWASP Spanish Project]]'''
 +
| align="CENTER" | Juan Carlos Calderon
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:OWASP Internationalization|OWASP Internationalization Guidelines Project]]'''
 +
| align="CENTER" | Juan Carlos Calderon
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:GTK plus GUI for w3af Project|GTK+ GUI for w3af project]]'''
 +
| align="CENTER" | Facundo Batista
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Book Cover & Sleeve Design|OWASP Book Cover & Sleeve Design]]'''
 +
| align="CENTER" | LXstudios, [mailto:deb@lxstudios.com Deb Brewer]
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Individual and Corporate Member Packs plus Conference Attendee Packs Brief|OWASP Individual & Corporate Member Packs, Conference Attendee Packs Brief]]'''
 +
| align="CENTER" | LXstudios, [mailto:deb@lxstudios.com Deb Brewer]
 +
|}
 +
{| class="wikitable" style="text-align:center"
 +
! width="800" height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''Projects Above 50% Completion'''
 +
! width="400" align="CENTER" | '''Author'''
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Orizon Project|OWASP Orizon Project]]'''
 +
| align="CENTER" | Paolo Perego
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP ASDR Project|OWASP Application Security Desk Reference (ASDR)]]'''
 +
| align="CENTER" | Leonardo Cavallari Militelli
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|OWASP Application Security Tool Benchmarking Environment and Site Generator refresh]]'''
 +
| align="CENTER" | Dmitry Kozlov
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Education Project|OWASP Education Project]]'''
 +
| align="CENTER" | Martin Knobloch
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Python Static Analysis Project|OWASP Python Static Analysis]]'''
 +
| align="CENTER" | Georgy Klimov
 +
|}
 +
{| class="wikitable" style="text-align:center"
 +
! width="800" height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''Projects Below 50% Completion'''
 +
! width="400" align="CENTER" | '''Author'''
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP WeBekci Project|OWASP WeBekci Project]]'''
 +
| align="CENTER" | [mailto:bunyamin@owasp.org Bunyamin Demir]
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Positive Security Project|OWASP Positive Security Project]]'''
 +
| align="CENTER" | Eduardo Vianna de Camargo Neves
 +
|}
 +
{| class="wikitable" style="text-align:center"
 +
! width="800" height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''Inactive Projects'''
 +
! width="400" align="CENTER" | '''Author'''
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:OWASP Corporate Application Security Rating Guide|OWASP Corporate Application Security Rating Guide]]'''
 +
| align="CENTER" | Parvathy Iyer
 +
|-
 +
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Interceptor Project|OWASP Interceptor Project - 2008 Update]]'''
 +
| align="CENTER" | Justin Derry
 +
|}
  
== Updates ==
+
==== Historical Information ====
* [[OWASP Summer of Code 2008 Previous Updates|Clik here to see OWASP Summer of Code's 2008 '''Previous Updates''']]
+
  
* '''SEPTEMBER 7, 2008'''
+
{|
Hello everyone,
+
! width="200" align="left"|
 
+
! width="1000" align="left"|
I hope you are well.
+
|-
 
+
| align="left"|__TOC__
Time flies, and as you know, we are almost reaching September 15, the initially established OWASP Summer of Code 2008 (SoC’s) deadline.
+
| align="left"|
 
+
== Updates ==
Therefore, less than ten days to the season of code’s expiring date, we thank those of you that are keeping the schedule and we challenge the remainder to make an effort to make up for this delay.
+
 
+
However, as we are working to have as many of you as possible attending the OWASP EU Summit Portugal 2008, we have decided to postpone the above-referred deadline to the possible maximum – '''the new SoC’s deadline will be the first day of the Summit, that is to say November 4'''.
+
 
+
We are still shaping the [[OWASP EU Summit 2008|event wiki page]] but it was already agreed to hold a four-day OWASP gathering to discuss OWASP strategic issues and present all OWASP relevant projects. This first OWASP Summit will take place in Algarve [http://maps.google.co.uk/maps?f=q&hl=en&geocode=&q=Aeroporto+de+Faro,+Montenegro,+Faro,+8005,+Portugal&ie=UTF8&ll=37.096812,-7.967834&spn=0.531245,1.235962&z=10&iwloc=addr (Faro is the nearest airport)], Portugal, in the well-equipped seaside [http://www.granderealsantaeulaliahotel.com/index.html Hotel Santa Eulália], between the 4th and the 7th of November 2008.
+
 
+
In the first two days, the event will have the format of Working Sessions to openly discuss and decide on several OWASP projects and issues, e.g., OWASP Strategic Planning, OWASP Top 10 2009, Winter Of Code 2009, EASPI Project, Code Review Version 2, Testing Guide Version 4, OWASP Application Security Desk Reference (ASDR), OWASP Certifications, OWASP Awards and OWASP Website. Of course, we count on you to join the discussion and contribute to the final decisions.
+
  
As announced before, the remaining period of two days will consist of a two-day conference, where more than 40 OWASP specific presentations will be held. Again, we most definitely count on you to present your project.
+
''' FEBRUARY  7, 2009''' - '''OWASP SUMMER OF CODE 2008 - CLOSING PROCESS.'''
  
'''Regarding the rules to qualify to have the Summit attendance expenses partially paid, we are also setting up the following:
+
# Even if the OWASP Summer of Code final deliveries were expected to be ready to be presented in the OWASP Summit i.e. by November, 4th, 2008, it has been agreed that '''all projects totally completed until Monday the 16th March, 2009, can still be paid'''. Please make a last effort and find a couple of cycles to close this matter and allow us to send you off the second part of your much deserved payment.
'''
+
# Drum Roll! '''The new season of code is being designed and will be soon launched!'''
# Until September 15, at least the 50% completion point must have been reached, the 50% self-evaluation must have been performed and, at least, one of the two reviews must have been done.
+
* [[OWASP Summer of Code 2008 Previous Updates|'''Previous Updates''']].
# Until September 15, both project leaders and reviewers must sign their intention of attending the Summit by adding their names [[OWASP EU Summit 2008 Paid Participants|'''here''']].
+
|}
# Until November 4, the project must be entirely complete, reviewed and ready to be publicly presented at the Summit.
+
# Exceptions to these rules can be considered by OWASP Board under formal request made until September 15 by project leaders whose projects are specially extensive and complex.
+
 
+
'''In what respects to the level of expenses that will be paid, the following rules have been established:'''
+
 
+
# With the exceptions below, all accommodation and meal expenses, during all the four days, will be paid.
+
# As we are still seeking out for financial sponsorship support, until further notice, none of the dinners will be paid.
+
# The meals consist of a pre-negotiated menu and just this will be paid.
+
# The accommodation will consist in a place in a shared T 1 (3 people) or T2 (5 people) apartment. Therefore, even though one can choose an individual room, OWASP will pay only for the cost associated with a shared stay. 
+
# Please note that the nights of 3 and 7 of Nov will be included in the paid accommodation for those of you attending the whole event.
+
# Regarding the flight expenses, OWASP will pay a maximum of 900 US dollars to all non-European attendees and 500 to the European ones.  
+
# The operational model to book accommodations and flights is not finished yet but, as soon as possible, more details will be given.
+
 
+
On the whole, if you accept our challenge to be at the OWASP EU Summit 2008 to present your project and engage the discussion at one, or more, Working Sessions and if you qualify to have your expenses partially paid, please add your name right [[OWASP EU Summit 2008 Paid Participants|'''here''']]. Please do '''not forget to add the name of your city/airport of departure'''.
+
 
+
Nevertheless, although we start with a good budget to cover expenses (150,000 USD), it will not be enough to cover the current projected number of OWASP participants. Therefore, if you can convince your company to pay for some or all of your expenses please do so and, on the other flip of the coin, we can advertise its logo at the conference materials - more details about sponsorship opportunities will be sent later on.
+
 
+
To conclude, I will be here if you need further assistance, however, as I am releasing all the information and details already stabilized, the best way to keep yourself up to date and informed about the event is to visit regularly its wiki page.
+
 
+
Keep up the good work - I am looking forward to seeing you in Portugal!
+
 
+
Many thanks, best regards,
+
 
+
Paulo Coimbra, OWASP Foundation Project Manager 
+
 
+
* [[OWASP Summer of Code 2008 Previous Updates|Clik here to see OWASP Summer of Code's 2008 '''Previous Updates''']]
+
  
 
== Overview ==
 
== Overview ==
Line 144: Line 230:
 
* The funds available will be allocated to select projects. However, strong proposals will be accepted by majority vote of the OWASP Board before the final project selection. Remaining budget will be allocated to remaining projects.
 
* The funds available will be allocated to select projects. However, strong proposals will be accepted by majority vote of the OWASP Board before the final project selection. Remaining budget will be allocated to remaining projects.
 
* Note: The referred budget allocation is just a guideline and the final values will be adjusted based on the successful proposals.
 
* Note: The referred budget allocation is just a guideline and the final values will be adjusted based on the successful proposals.
 +
 +
<headertabs/>
 +
 +
[[Category:OWASP Season of Code]]

Latest revision as of 18:18, 31 August 2009

SoC 08 Logo.jpg


Projects

100% Completion Projects Author
OWASP Testing Guide v3 Matteo Meucci
OWASP Ruby on Rails Security Guide v2 Heiko Webers
OWASP Live CD 2008 Project Matt Tesauro
OWASP Code review guide, V1.1 Eoin Keary
OWASP AntiSamy .NET Arshan Dabirsiaghi
OWASP .NET Project Leader Mark Roxberry
OWASP Source Code Review OWASP Projects James Walden
OWASP AppSensor - Detect and Respond to Attacks from Within the Application Michael Coates
OWASP Backend Security Project Carlo Pelliccioni
OWASP Securing WebGoat using ModSecurity Stephen Evans
OWASP Teachable Static Analysis Workbench Dmitry Kozlov and Igor Konnov
OWASP Access Control Rules Tester Andrew Petukhov
OWASP Skavenger Matthias Rohr
OWASP Online code signing and integrity verification service for open source community (OpenSign Server) Phil Potisk and Richard Conway
OWASP Code Crawler Alessio Marziali
OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Arturo 'Buanzo' Busleiman
OWASP Application Security Verification Standard Mike Boberski
OWASP Classic ASP Security Project Juan Carlos Calderon
OWASP UI Component Verification Project (a.k.a. OWASP JSP Testing Tool) Jason Li
OWASP SQL Injector Benchmarking Project (SQLiBENCH) Bedirhan Urgun and Mesut Timur
OWASP Spanish Project Juan Carlos Calderon
OWASP Internationalization Guidelines Project Juan Carlos Calderon
GTK+ GUI for w3af project Facundo Batista
OWASP Book Cover & Sleeve Design LXstudios, Deb Brewer
OWASP Individual & Corporate Member Packs, Conference Attendee Packs Brief LXstudios, Deb Brewer
Projects Above 50% Completion Author
OWASP Orizon Project Paolo Perego
OWASP Application Security Desk Reference (ASDR) Leonardo Cavallari Militelli
OWASP Application Security Tool Benchmarking Environment and Site Generator refresh Dmitry Kozlov
OWASP Education Project Martin Knobloch
OWASP Python Static Analysis Georgy Klimov
Projects Below 50% Completion Author
OWASP WeBekci Project Bunyamin Demir
OWASP Positive Security Project Eduardo Vianna de Camargo Neves
Inactive Projects Author
OWASP Corporate Application Security Rating Guide Parvathy Iyer
OWASP Interceptor Project - 2008 Update Justin Derry

Historical Information

Contents

Updates

FEBRUARY 7, 2009 - OWASP SUMMER OF CODE 2008 - CLOSING PROCESS.

  1. Even if the OWASP Summer of Code final deliveries were expected to be ready to be presented in the OWASP Summit i.e. by November, 4th, 2008, it has been agreed that all projects totally completed until Monday the 16th March, 2009, can still be paid. Please make a last effort and find a couple of cycles to close this matter and allow us to send you off the second part of your much deserved payment.
  2. Drum Roll! The new season of code is being designed and will be soon launched!

Overview

  • OWASP is now launching the Summer of Code 2008 (SoC 2008), following the previous OWASP Spring of Code 2007 (SpoC 07), in which 21 projects were sponsored with a budget of US$117,500, and the OWASP Autumn of Code 2006 (AoC 06), in which 9 projects were sponsored with a budget of US$20,000.
  • The SoC 2008 is an open sponsorship program were participants/developers are paid to work on OWASP (and web security) related projects.
  • The SoC 2008 is also an opportunity for external individual or company sponsors to challenge the participants/developers to work in areas in which they are willing to invest additional funding.
  • The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks.

Who Can Apply?

  • The only requirement is that the candidate shows the potential to accomplish the project's objectives/deliveries and the commitment to dedicate the time required to complete it in the appropriate period.
  • Current active OWASP Project Contributors (including Project leaders) are encouraged to apply.
  • No member of the OWASP board is allowed to apply for a SoC 2008 sponsorship.
  • There are no any other restrictions on who can apply for a SoC 2008 sponsorship.

How To Participate (To Developers)

  • Ideas to work can be chosen from:
  • To submit a project you have to post it on the OWASP Summer of Code 2008 Applications Page.
    • Please see AoC 06 and SpoC 07 for contents to be included in the Application
    • Note that no sensitive personal details should be posted in that page, i.e., full name, postal address, email, and so on.
  • Once your application is published on the WIKI, send an email to Paulo Coimbra with the following details:
    • Project name;
    • Contact details, i.e., full name, postal address and email.
  • Both Paulo Coimbra and Dinis Cruz can also be contacted for further discussion on issues related to SoC 2008 applications, i.e., project ideas, review of draft applications, etc..

Schedule

  • 3rd March – SoC 2008 season of code is officially launched. Start date for submitting applications.
  • 25th March - Deadline for project applications.
  • 16th April – Publishing of selected applications and start of SoC 2008 projects.
  • 29th June - Participants to report on project status.
  • 15th September - Project completion. Participants should deliver final project report.
  • The new SoC’s deadline will be the first day of the Summit, that is to say November 4.

Jury and Selection Criteria

  • Jury: OWASP Board Members (Jeff Williams, Dave Wichers, Tom Brennan, Sebastien Deleersnyder and Dinis Cruz).
  • There are two methods to select SoC 2008 projects:
    • By direct majority vote (3 out of 5) by the Jury;
    • By selection rating using the criteria defined below.
      • Each project will receive a rating from 1 to 5 on the following categories by each Jury. The final result will be the total value.
        • On the Project:
          • Complete status - What will be the final Completeness State?
          • Complexity - What is the project Complexity and Size?
          • Member Value - How big is the potential added value to Owasp Members?
          • Brand Value - How big is the potential added value to the Owasp Brand?
        • On the Candidate:
          • Past Work - Value of past contributions to OWASP Projects;
          • Deliverability - Proven capability to deliver;
          • Qualitty of Proposal - Global quality of the proposal submited.

Operational Rules

  • Whenever possible the participant should suggest a SoC 2008 Project Reviewer, which will be responsible for reviewing the project’s deliverables and authorize payments.
  • All and each Project Reviewer suggested by participants has to be confirmed by majority vote of the OWASP Board.
  • Whenever the participants fail to suggest a SoC 2008 Project Reviewer, the OWASP Board, by majority vote, will appoint one. The same will happen whenever the reviewer suggested by the participant does not have the required approval.
  • Each and every project should have its Project Progress page always completely updated with all information regarding the project status.
  • The Project Reviewer will provide his assessment twice for each project, respectively with 50% and 100% claimed completion. The Project Reviewer will deliver his evaluation filling in his Project Reviewer Page.
  • Each new project should obtain Reviewers’ agreement that, at least, a Beta Quality stage was achieved.
  • Each project built on previous work done within OWASP (Existing OWASP Projects) should obtain Reviewers’ agreement that a Release Quality stage was achieved.
  • Projects Final Deliveries will be evaluated by an assigned SoC 2008 Reviewer. However, the Jury will provide final oversight.
  • Payments will be made, via Pay Pal, in two instalments, respectively 50% halfway and 50% on completion of the project.
  • Basically, if you do not deliver you will NOT be paid.

General Rules

  • By taking part on SoC 2008, the participant will authorize OWASP to host and advertise without any limitations his participation and all related contents including proposal and all deliveries.
  • All tools, documentation, or any other materials whatsoever, created by the participants within SoC 2008 context must be released under an Open Source Initiative approved license. However, the participant may mirror development on her/his personal infrastructure at her/his option.
  • Participants and OWASP is free to use the results, including code, of the SoC's 2008 code in any way they choose provided it is not in conflict with the license under which the code was developed.
  • OWASP reserves the right, at its sole discretion, to revoke any, and all, privileges associated with participating in this program, and to take any other action it deems appropriate, for no reason or any reason whatsoever. OWASP reserves the right to cancel, terminate or modify the program if it is not capable of completion as planned for any reason.
  • Any situation arising not included in the above mentioned set of rules will be decided according to the discretionary judgement of OWASP Board.

SoC 2008 Budget

  • The initial Budget for SoC 2008 will be US$100,000, and it is funded by OWASP.
  • In parallel with the Request for Proposals, OWASP is also doing a membership drive where all membership fees committed during that period will be allocated to SoC 2008 projects (the new members have the option to choose which projects they would like to sponsor).
  • The funds available will be allocated to select projects. However, strong proposals will be accepted by majority vote of the OWASP Board before the final project selection. Remaining budget will be allocated to remaining projects.
  • Note: The referred budget allocation is just a guideline and the final values will be adjusted based on the successful proposals.