OWASP Season of Code 2009

This is a DRAFT page still under review by the Global Projects Committee

THEME: IMPROVE THE QUALITY OF EXISTING TOOL AND DOCUMENTATION PROJECTS

1 Updates 2 Overview 3 Who Can Apply? 4 How To Participate (To Developers) 5 Schedule 6 Jury and Selection Criteria 7 Operational Rules 8 General Rules 9 SoC 09 Budget 10 Overview 11 How to get involved 11.1 Participants 11.2 Mentors 11.3 Sponsors 12 Schedule 13 Budget 14 Selection Jury 15 Additional Information		Main Links Press Release Applications Jury's evaluation/selection of applications Approved projects, authors, status target and reviewers Half term payments Project completion payments

Updates

• MAY 6: OWASP SEASON OF CODE WILL BE LAUNCHED VERY SOON!
  • Deadline for project applications: (TBD)

Overview

• OWASP is now launching its Season of Code 2009 (SoC 09), following the previous OWASP Summer of Code 2008 in which 33 projects were approved and a budget of more than US$125,000 have been made available, the OWASP Spring of Code 2007 (SpoC 07), in which 21 projects were sponsored with a budget of US$117,500, and the OWASP Autumn of Code 2006 (AoC 06), in which 9 projects were sponsored with a budget of US$20,000.
• The SoC 2009 is an open sponsorship program were participants/developers are paid to work on OWASP (and web security) related projects.
• The SoC 2009 is also an opportunity for external individual or company sponsors to challenge the participants/developers to work in areas in which they are willing to invest additional funding.
• The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks.

Who Can Apply?

• The only requirement is that the candidate shows the potential to accomplish the project's objectives/deliveries and the commitment to dedicate the time required to complete it in the appropriate period.
• Current active OWASP Project Contributors (including Project leaders) are encouraged to apply.
• No member of the OWASP board is allowed to apply for a SoC 09 sponsorship.
• There are no any other restrictions on who can apply for a SoC 09 sponsorship.

How To Participate (To Developers)

• Ideas to work can be chosen from:
  • Participants/developers’ own interest and choice, as long as the OWASP main objectives are considered;
  • Projects prioritized by the OWASP Board to be done with SoC 09 funds;
  • Existing OWASP Projects;
  • Projects directly linked to external individual or company sponsorship.
• To submit a project you have to post it on the OWASP Season of Code 2009 Applications Page.
  • Please see OWASP Summer of Code 2008 Applications Page, SpoC 07 and AoC 06 for contents to be included in the Application
  • Note that no sensitive personal details should be posted in that page, i.e., full name, postal address, email, and so on.
• Once your application is published on the WIKI, send an email to Global Projects Committee with the following details:
  • Project name;
  • Contact details, i.e., full name, postal address and email.
• The Global Projects Committee can be contacted for further discussion on issues related to SoC 09 applications, i.e., project ideas, review of draft applications, etc..

Schedule

• 11th May – OWASP SoC 09 is officially launched. Start date for submitting applications.
• TBD - Deadline for project applications.
• TBD – Publishing of selected applications and start of SoC 2008 projects.
• TBD - Participants to report on project status.
• TBD - Project completion. Participants should deliver final project report.

Jury and Selection Criteria

• Jury: OWASP Board Members (Jeff Williams, Dave Wichers, Tom Brennan, Sebastien Deleersnyder and Dinis Cruz).

• There are two methods to select SoC 09 projects:
  • By direct majority vote (3 out of 5) by the Jury;
  • By selection rating using the criteria defined below.
    • Each project will receive a rating from 1 to 5 on the following categories by each Jury. The final result will be the total value.
      • On the Project:
        • Complete status - What will be the final Completeness State?
        • Complexity - What is the project Complexity and Size?
        • Member Value - How big is the potential added value to Owasp Members?
        • Brand Value - How big is the potential added value to the Owasp Brand?
      • On the Candidate:
        • Past Work - Value of past contributions to OWASP Projects;
        • Deliverability - Proven capability to deliver;
        • Qualitty of Proposal - Global quality of the proposal submited.

Operational Rules

• Whenever possible the participant should suggest a SoC 09 Project Reviewer, which will be responsible for reviewing the project’s deliverables and authorize payments.
• All and each Project Reviewer suggested by participants has to be confirmed by majority vote of the OWASP Board.
• Whenever the participants fail to suggest a SoC 09 Project Reviewer, the OWASP Board, by majority vote, will appoint one. The same will happen whenever the reviewer suggested by the participant does not have the required approval.
• Each and every project should have its Project Progress page always completely updated with all information regarding the project status.
• The Project Reviewer will provide his assessment twice for each project, respectively with 50% and 100% claimed completion. The Project Reviewer will deliver his evaluation filling in his Project Reviewer Page.
• Each new project should obtain Reviewers’ agreement that, at least, a Beta Quality stage was achieved.
• Each project built on previous work done within OWASP (Existing OWASP Projects) should obtain Reviewers’ agreement that a Release Quality stage was achieved.
• Projects Final Deliveries will be evaluated by an assigned SoC 09 Reviewer. However, the Jury will provide final oversight.
• Payments will be made, via Pay Pal, in two instalments, respectively 50% halfway and 50% on completion of the project.
• Basically, if you do not deliver you will NOT be paid.

General Rules

• By taking part on SoC 09, the participant will authorize OWASP to host and advertise without any limitations his participation and all related contents including proposal and all deliveries.
• All tools, documentation, or any other materials whatsoever, created by the participants within SoC 09 context must be released under an Open Source Initiative approved license. However, the participant may mirror development on her/his personal infrastructure at her/his option.
• Participants and OWASP is free to use the results, including code, of the SoC's 09 code in any way they choose provided it is not in conflict with the license under which the code was developed.
• OWASP reserves the right, at its sole discretion, to revoke any, and all, privileges associated with participating in this program, and to take any other action it deems appropriate, for no reason or any reason whatsoever. OWASP reserves the right to cancel, terminate or modify the program if it is not capable of completion as planned for any reason.
• Any situation arising not included in the above mentioned set of rules will be decided according to the discretionary judgement of OWASP Board.

SoC 09 Budget

• The initial Budget for SoC 09 will be US$90,000, and it is funded by OWASP.
• In parallel with the Request for Proposals, OWASP is also doing a membership drive where all membership fees committed during that period will be allocated to SoC 09 projects (the new members have the option to choose which projects they would like to sponsor).
• The funds available will be allocated to select projects. However, strong proposals will be accepted by majority vote of the OWASP Board before the final project selection. Remaining budget will be allocated to remaining projects.
• Note: The referred budget allocation is just a guideline and the final values will be adjusted based on the successful proposals.

	File:SoC 2009 Logo.jpg	I want to... DELIVER a project MENTOR a project SPONSOR a project SoC 2009 Details Schedule Milestones Available Money Project Ideas Received Proposals Approved Projects

Overview

OWASP is proud to announce the 2009 Season of Code (SoC 2009)! This program is designed to allow participants to get paid for helping create and improve OWASP Projects. For anyone new to the SoC program, please refer to the OWASP Season of Code page for background information on the mechanics of the program.

How to get involved

You can

• submit a proposal for a grant as a Participant
• guide and review a project as a Mentor
• fund and direct new work as a Sponsor

Participants

Participating in an OWASP SoC 2009 project means that you'll be directly performing the work on the project and utilizing your Mentor(s) to help guide and review your work. Read about general expectations for participation.

To sign up to deliver a project:

• Review suggested ideas for proposals unless you already have a proposal in mind
• Prepare and submit a proposal according to the guidelines
• If you have a Mentor in mind, list them in the proposal. Otherwise, one will be assigned upon selection.

The selection Jury will evaluate proposals and notify selected Participants as per the schedule below.

If selected, Participant responsibilities include:

• Delivering the project as per the accepted proposal
• Working with the assigned Mentor to ensure Midterm and Final evaluations are performed on schedule.

Mentors

Mentoring an OWASP SoC 2009 project means that you'll be working closely with the Participant(s) selected to deliver your project. Read about general expectations for mentorship.

To sign up to mentor a project:

• Review suggested ideas for proposals and sign up to mentor one on that page
• If you have your own ideas for proposals, add them
• Review submitted proposals and sign up to mentor one on that page
• If you don't select a particular project but would like to be a mentor, just notify the Global Projects Committee and a project will be assigned to you

Mentor responsibilities include:

• Helping guide delivery and advising Participants on project development
• Working with project Participant(s) to ensure Midterm and Final evaluations are performed on schedule.

Sponsors

Sponsoring an OWASP SoC 2009 project is an easy way for an organization to leverage the OWASP talent pool to focus additional development work on a project of your choice. Read about general expectations for sponsorship

To sign up to sponsor a project:

• Notify the Global Projects Committee of your intent to sponsor a project
• Submit your ideas for proposals and/or suggested Mentors for your project
• Submit sponsorship payment to OWASP

Schedule

Here are some important dates and Milestones for the SoC 2009 program:

• 2/1/2009 - Solicitation of project ideas
• 3/1/2009 - Start of proposal submission
• 3/31/2009 - LAST DAY FOR PROPOSAL SUBMISSION
• 4/21/2009 - Project selection and notification completed

Budget

Grant amount for each project: $XXX USD (total)

• Upon on-track and successful Midterm evaluation
  • $XXXX to Participant
  • $XXX to Mentor
• Upon project completion and successful Final evaluation
  • $XXXX to Participant
  • $XXX to Mentor

The initial budget for the SoC 2009 will be $XXX,000 USD contributed by OWASP.

• OWASP expects to accept ~XX projects in the SoC 2009 program.
• Depending upon third-party Sponsorships received, additional projects may also be accepted.

Selection Jury

The SoC 2009 selection Jury consists of the following people:

• XXX
• XXX
• XXX

Additional Information

If there are any questions not answered by the resources on this page or on the OWASP Season of Code page, please contact the Global Projects Committee.