OWASP Project Hosting Solution Request for Proposals
The OWASP Foundation came online on December 1st 2001. It was established as a 503(c) non-profit organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at OWASP. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. Our central wiki can be found at www.owasp.org.
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project's long-term success.
Since its inception as a repository for application security knowledge and information – OWASP has grown into a haven for security research tools and libraries aimed at helping organization improve the application security stance. Many of OWASP's first successful projects were documentation projects and as a result, our current infrastructure was designed around hosting projects in wiki format. However, many of our projects are now code-based tools or libraries and our current wiki infrastruction does not give us the flexibility necessary to manage these projects in a cohesive, reliable manner.
The OWASP Global Projects Committee is currently looking for proposals to provide a cohesive project hosting framework for developers and users.
Our envisioned project hosting solution encompasses not just basic project management tools, but also an infrastructure to implement and/or support our broader needs to publicize and promote OWASP projects.
Basic Project Hosting Tools
The following list of features are typical project hosting features that are relatively self explanatory and we assume will be part of any project hosting service proposal.
- Issue Management
- Software Configuration Management (e.g. CVS, Subversion, Git, etc)
- Anonymous Read Access
- Authenticated Commit Access
- Continuous Integration Build
- Support for various languages including, but not limited to, C/C++, Java, .Net, ASP, and PHP
- Project Metrics/Statistics for:
- Code Commits
- Active Committers
- Average Issue Resolution Time
- Open/Resolved Issue Counts
Project Content Presentation Services
- Branded Project Wiki page
- Mailing Lists / User Groups
- Downloads Page
- Ability to publish Native Language Document (JavaDoc, PHPDoc, etc) for public consumption
Project Management Services
- Customizable (OWASP Branded) Projects Portal
- Aggregate Metrics for all projects under the OWASP Umbrella for use on the projects portal page.
- This infrastructure should be provided and supported by a vendor with a reliable (tested) and hardened hosting solution.
- The ability to add additional services for projects on a per-project as-needed basis should be available either by providing a tool to add the service, or by submitting a support ticket to have the service added to the project by the vendor.
- An SLA (Service Level Agreement) for services rendered should be provided along with and considered part of the proposal
- Provide an OWASP Branded Projects Portal page under which all OWASP Projects will be accessible and custom content can be loaded on to the page from dynamic sources – such as Twitter, Blogs, and Photostreams.
- Provide a cohesive suite of project hosting and lifecycle tools for OWASP Incubator, Labs, and Mainstream projects to aid in the success of the projects.
| Submit Deadline
|| GPC Decision Deadline|
- April 1, 2011 - RFP initially published
- April 30, 2011 - Deadline for companies to complete their submission
- June 10th, 2011 - Selection announcement made at OWASP AppSecEU
- No later than June 30th, 2011 - Contract signed
- No later than November 1st, 2011 - initial pilot projects launched
'OWASP is a 503c Not-For-Profit Organization, as such proposals that offer services or products as donations to the organization will take precidence. Donations will be matched with an OWASP Corporate Sponsorship and may be tax-deductable for your organization.'
How to Submit
Please send all proposals, via email to [email protected] Proposal documents should be attached to the e-mail in PDF format. The submission deadline for proposals is 7 May 2011. Please submit an intent to submit by 30 April 2011 if you intend to submit a proposal for this project.