Global Initiatives/Cyber Security Pre-accelerator Initiative
OWASP Cyber Security Startup Initiative
This initiative seeks to catalyse innovation in application security by promoting the use of open source such as OWASP testing tools, technical documentation, training modules within the start-up community in the context of incubation of a possible startup and in a roadmap for the creation of possible application security start-ups.
The main outcome of this initiative is the creation of documentation manuals for running an incubator/acceleration program for security start-ups and collect useful data from the experience of running a pilot of a security incubator program. The intended target of this material are non-profit academic institutions, government entities that seek to invest in the creation of a security start-up incubator program (also referred as company accelerator, innovation campus).
This initiative will focus on the pre-incubator/pre-acceleration phase that is the preliminary phase that leads to incubation of a possible startup. This is the phase where talent is nurtured and ideas are developed, tools are validated and tested. This phase leads to the next phase that is the acceleration phase. The goal of the acceleration phase is to create Proof of Concepts (PoCs) of software security tool prototypes. Entrapenuer-lead teams participating to the OWASP pre-acceleration program can possibly use these POCs/prototypes to develop Minimum Viable Product (MVPs). These MVPs might be used to present to Angel investors/VCs to seek funding for the creation of their start ups using these products.
The goal of the pre-incubator is to create opportunities for entrapeneur-lead teams to transform their ideas of software security tools/services into open source community-validated concepts such as PoCs/prototypes. The pursuit of innovative ideas and the development of these PoCs Proof of Concept leverages the use of OWASP free resources such as open source tools/documents/trainings. The OWASP security incubator will offer to selected entrepeneur-lead teams a structured place to work to pre-incubate their ideas into working prototypes using OWASP funds and backing of OWASP corporate sponsorship. These PoCs developed will be released as OWASP open source and released to the community to be use as a free resource and not for commercial use.
Participation and Sponsorship Appeal
Interested corporate sponsors, academic institutions and government organisations can contact OWASP to become a sponsor of the Cyber Security Pre Startup Accelerator Initiative by filling in the following sponsorship form
Benefits for Sponsors of this Initiative
The OWASP pre-incubator security start-up project empowers academic institutions, government entities as well as corporate sponsors to promote the creation of application security tools, foster education in application and software security among students as well as early graduated software security teams interested in experimenting with OWASP open source tools and entrepeneur-lead teams seeking to create software security start-ups. By spearheading the incubation of security start-ups OWASP will create the opportunity for software developers, software and application security testers and consultants to become self-sufficient in supporting the further development of software and services as a security start-up. These security start-ups will have the opportunity to leverage OWASP tools for their security consulting services, application security training and secure software development services. The possible investment that the start-up might obtain from investors might be used to fund the creation of a consulting services start-up company that plan to use open source tools including OWASP tools as well as for the creation of a software security technology focused company. These software security start-ups might invest money and resources for the creation of MVPs to be presented to prospective investors for funding. These MVPs can be developed based upon the experience gained participating to the OWASP pre-acceleration security program and the lessons learnt by developing the software/prototypes/PoWs within the pre-acceleration program.
For Non-Profit use Limitations and Open Source Licensing Requirements
Participants to the OWASP pre-acceleration security start-up program have a legal requirement to respect the open source licenses for the OWASP tools, and prototypes being developed such as the Creative Commons 3.0 License (see OWASP:Copyrights for details). These licensing agreement legally bind the start up in the respect of these license agreements when OWASP open source tools are used for commercial consulting services as well as when are integrated as part of their commercial tools/products.
OWASP won’t be involved in the creation and commercialisation aspects of the tools that can be further be developed by the cerated start-ups that participated to the program. OWASP will be involved only in the mentoring and funding support of the activities of the pre-accelerator program and in the funding of OWASP open source projects. These OWASP projects can be lead by prospective entrepreneur-lead teams that are enrolled in the pre-incubator start-up program.
The OWASP organisation, through his local chapters will run and manage the security start-up pre-accelerator program ONLY, seek to provide in-person mentoring in application security to the teams participating to the program and provide mentoring to help teams to take their ideas into working prototypes/tools. During the pre-incubation phase, OWASP might also mentor the start-ups in the creation of the business plans and advise in the technical aspects related to the investment sought for the development of MVPs. OWASP won't participate in the start-up since OWASP is a non-profit organisation and won't take any commercial interests in the development of MVPs or be part as organisation in the business plan/proposal of the start-up.
Note: this initiative proposal is released to OWASP for the purpose of seeking OWASP corporate funding only and should considered propriety of the authors and OWASP and cannot distributed and used for commercial purposes and without consent of the authors
Starting point/To date Neill Gernon and Marco Morana have worked up to this point on: -Startup community engagement> Meetings with London startup hubs including Level39 (Europes largest accelerator space), IDEALondon and universitys like Kings University where Marco spoke about the programme with thier security leaders. Also had meetings inside Google Campus London, Tech Hub and Central Working. -Programme planning> Designing the programme which has taken inspiration from lean prototyping workshops that Neill Gernon runs in London and Dublin startup clusters. Planning stages also included engaging with owasp staff including Samantha Groves, Kelly Santalucia and GK Southwick to conclude that this should be submitted and structured as an initiative. -Coordinating owasp meetings: Meetings with owasp chapter leaders including Tobias Gondrom, Justin Clarke and Marco Morana.
Thursday, 24th April - Meeting. Meeting (conference call) between Neill Gernon & Marco Morana concluded the following: -Speakers/Mentors> (a) Will will be looking to confirm speakers for the first kick off event (mid May). At this kick off event Neill Gernon & Marco Morana will talk on the programme format and the benifits to participants - this is an overview of the programme and a chance for all interested to come together and connect pre- initiative launch. Also to answer any questions attendees have before beginning. (b) Will be looking to confirm mentors for the pre-accelerator programme. These mentors will commit to specific calander dates to give team advisory, product validation, people mentorship and guidance through out the initiative. -Calander> Now we have a chosen starting point (kick off event by the 22nd May in London), we will be outlining the calander timeline of events, workshops and hackathon dates/times. *This initiative schedule will be updated to the wiki soon* -Sponsor details: Waiting to get confirmation from sponsors on how they wish to support initiative and owasp -How to continuously update the wiki for future updates and initiative news.
Kick off event date, sponsor details, speakers and mentor confirmation will be following this meeting.
Friday 9th May - Update on sponsor signup Created a quick "google form" along with a new presentation to get sponsors signed up to the initiative. Confirmation of dates and venue pending and subject to sponsor commitment due to venue expenses. Potential sponsors have been two options: 1. join owasp membership and a % goes toward the initiative 2. sponsor initiative direct Google form found [here> https://docs.google.com/forms/d/1hg3xqM3fHKDda0WshTEC7UTzK4nwcr1j6H79mHXSBoQ/viewform .]
Additional updates> 1. Wednesday meeting with Marco Moran confirmed to discuss initiative progress, venue, dates and sponsor confirmation. 2. Monday - Meeting with IDEALondon to discuss venue and initiative start dates 3. Monday - Meeting with a London university to propose initiative sponsorship
Milestones and Goals
The OWASP pre-incubator security start-up project includes the following milestones;
1) OWASP Security start-up pre-incubator process guide that document the process the WHAT that is a guide that can be followed by a non-profit entity such as OWASP, University, and Government Agency to run a security start-up pre-incubator program. We will document all steps of the process that can be followed to create pre seed funding security start-ups which can be replicated by following this program including the different stages that lead from opportunity to idea concept to creation of the open source prototype to the start-ups itself. The guide provide guidance on the goals of the various activities such as events, prototyping workshops and hackathons (e.g. goal is to experiment with OWASP open source tools, templates for the development of working prototypes) create and sign legal contract agreements, creation and validation of PoCs Proof of Concepts.
2) OWASP Security start-up pre-incubator process manual that teaches the HOW that is how to engage with the start-up community locally (start), organize events, workshops, hackathons, mentoring and prepare business plans for participation to security incubators start-ups (end);
3) OWASP Security start-up pre-incubator wiki site to manage the steps of the startup security pre accelerator process and document the proof of concept prototypes that can go on to be fully incubated start-ups; This wiki site will be created as OWASP pre-accelerator web site and will help it to be taken forward and used by OWASP chapters in different areas/countries.
4) Documented results of piloting with a start-up pre-incubator real case that includes using the process guide the manual the wiki site to run a real case of pre-incubator program by running it at one of the established start up campuses in London pending on availability and agreements.
5) OWASP open source working software prototype/PoCof an open source application security software/technology. This prototype/PoC is produced by following the￼￼￼￼￼￼several steps of the pre-accelerator security incubator program and is produced by the initiative participants as residents in the pre-accelerator working space and validated by the open source community. The scope of the prototype is to validate a proof of concept of a new idea that makes either web or mobile applications more secure. This prototype is released as open source to the community.
Signup to our mailing list, updates coming soon! Mail list> https://lists.owasp.org/mailman/listinfo/owasp_cyber_security_pre-accelerator_initiative