Open Web Application Security Program – Global Projects Committee
Projects Infrastructure - Request for Proposals
| Intent To Submit
|| Submit Deadline
|| GPC Decision Deadline|
The OWASP Foundation came online on December 1st 2001 it was established as a 503(c) non-profit organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at OWASP. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. Our central wiki can be found at www.owasp.org.
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project's long-term success.
Since its inception as a repository for application security knowledge and information – OWASP has grown into a haven for security research tools and libraries aimed at helping organization improve the application security stance. Many of OWASP's first successful projects were documentation projects and as a result, our current infrastructure was designed around hosting projects in wiki format. However, many of our projects are now code-based tools or libraries and our current wiki infrastruction does not give us the flexibility necessary to manage these projects in a cohesive, reliable manner.
The OWASP Global Projects Committee is currently looking for proposals to provide a cohesive project hosting framework for developers and users.
- Provide an OWASP Branded Projects Portal page under which all OWASP Projects will be accessible and custom content can be loaded on to the page from dynamic sources – such as Twitter, Blogs, and Photostreams.
- Provide a cohesive suite of project hosting and lifecycle tools for OWASP Incubator, Labs, and Mainstream projects to aid in the success of the projects.
- Issue Management
- SCM (e.g. CVS, Subversion, Git, etc.)
- Anonymous Read Access
- Authenticated Commit Access
- Continuous Integration Build
- Support for building various languages including, but not limited to, C/C++, Java, .Net, ASP, and PHP
- Branded Project Wiki page
- Customizable (OWASP Branded) Project Homepage
- Project Metrics
- Active Commiters
- Average Issue Resolution Time
- Open/Resolved Issue Counts
- Mailing Lists / User Groups
- Downloads Page
- Ability to publish Native Language Document (Javadoc, PHPDoc, etc) for public consumptions
- Aggregate Metrics for all projects under the OWASP Umbrella for use on the projects portal page.
- This infrastructure should be provided and supported by a vendor with a reliable (tested) and hardened hosting solution.
- The ability to add additional services for projects on a per-project as-needed basis should be available either by providing a tool to add the service, or by submitting a support ticket to have the service added to the project by the vendor.
- An SLA (Service Level Agreement) for services rendered should be provided along with and considered part of the proposal
How to Submit
Please send all proposals, via email to [email protected]. Proposal documents should be attached to the e-mail in PDF format. The submission deadline for proposals is 7 May 2011. Please submit an intent to submit by 30 April 2011 if you intend to submit a proposal for this project.
OWASP is a 503c Not-For-Profit Organization, as such proposals that offer services or products as donations to the organization will take precidence. Donations will be matched with an OWASP Corporate Sponsorship and may be tax-deductable for your organization.