This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Global Initiatives/Cyber Security Pre-accelerator Initiative

From OWASP
Revision as of 14:36, 24 May 2014 by Neill Gernon (talk | contribs)

Jump to: navigation, search
Initiatives banner large.jpg

OWASP Cyber Security Startup Initiative

This initiative seeks to catalyze opportunities for innovation in application security by promoting the use of open source security tools within the start-up community. The main outcome of this OWASP initiative is the creation of a process that can be used for running a pre-accelerator for security company start-ups (also referred as start-up incubator) by either public or private industry sectors. One of the possible outcome(s) of this initiative is also the creation of security start-ups for a selected number of teams participating to this initiative.

Initiative Goals

The main goal of the pre-incubator is to create opportunities for entrepreneur-lead teams to transform their ideas of software security tools/services into open source community-validated concepts such as PoCs/prototypes. The pursuit of innovative ideas and the development of these (PoCs) Proof of Concept(s) can leverage OWASP free resources such as open source tools/documents/trainings. The OWASP security incubator will offer to the selected entrepreneur-lead teams a structured place to work to transform their ideas into working prototypes. This will be done with the support of OWASP and OWASP corporate sponsorship(s). Any artifact developed by the start-ups participating into the program including the PoCs and prototypes being developed will be released as open source to the application security community.

Initiative Focus

This initiative will focus on the pre-incubator/pre-acceleration phase that is the preliminary phase that leads to the incubation of a possible start-up. This is the phase where talent is nurtured and ideas are developed, tools are validated and tested. The goal of the pre-acceleration phase is to create Proof of Concepts (PoCs) of software security tool prototypes. This phase leads to the next phase that is the acceleration phase. Entrepreneur-lead teams participating to the OWASP pre-acceleration program can possibly use these POCs/prototypes to develop Minimum Viable Product (MVPs) in the acceleration stage. These MVPs might be used to present to Angel investors/VCs to seek funding for the creation of their start-ups using these products.

Beneficiaries of this Initiative

The OWASP pre-incubator security start-up initiative helps academic institutions, government entities as well as corporate sponsors to create their own cyber-security innovation campus/acceleration for start-up programs. OWASP will provide the tools, the training modules, the documentation guides and help teams to design, to implement and to test secure software. The ideal targets that can benefit from this initiative are young graduates from universities with curriculum in cyber-security interested in experimenting with application security tools to create innovative ways to test and develop secure software. By spearheading the incubation of security start-ups OWASP will also create the opportunity for these young college graduates to experience with software security, develop working prototypes and PoCs and use them to seek a career in software security as well as to become employed in self created security start-up that can leverage these OWASP tools and prototypes for their software security consulting services. By participating to this initiative prospective start-ups will be better positioned to seek funds and seed capital investment from prospective investors/VCs/Angels. Products/MVPs could be presented to prospective investors for funding. These MVPs can be further developed by the start-up based upon the open source software/prototypes/PoWs begin developed and the technical experience gained while participating to the OWASP pre-acceleration security program.

Initiative Participation Requirements

Participants to the OWASP pre-acceleration security start-up program such as OWASP corporate sponsors and prospective start-up teams are required to respect the open source licenses for the use of OWASP tools and for the prototypes/PoCs being developed. OWASP prototypes/PoCs should be released as open source and subjected to the Creative Commons 3.0 License (see OWASP licenses for details).

The role of OWASP in this Initiative

OWASP will provide funding for running of the initiative using OWASP corporate sponsorship. The funding will be used to run the initiative and to provide the logistical aspects of the program that includes providing office space for prospective start-up teams, conduct the "hackatons" to experiment with OWASP tools and resources and organize training sessions with application security mentors. The artefacts produced by the start-ups will also funded by the initiative, this will be released as open source. Another part of the funding will be allocated for documenting the process for running the pre-accelerator for security start-ups. This includes the lesson learned by running the pre-accelerator program that will be documented in manuals and distributed to the sponsors of the initiative (e.g. Academic institutions, corporate sponsors) as well as free to use by the application security community as a whole.

OWASP is a non for profit organisation and therefore is not involved in any commercialisation aspects of the tools and products/MVPs that will be developed in the future by the start-ups that participated to the pre-acceleration program. OWASP will be involved only in running the start-up incubator program and the funding of OWASP open source projects created by the start-ups that participate to this initiative. OWASP will not invest into the start-ups and will not take any commercial interests in the development of products that the start-up will develop outside this program. This includes also products/MVPs that are used to seek funds such as seed capital for the start-up.

The OWASP organization, through the global foundation and his local chapters and the leaders of this initiative will ONLY run and manage the security start-up pre-accelerator program and fund the development of prototypes/PoCs that will be released as open source. OWASP will provide in-person mentoring in application security to the start-up teams participating to the program and mentoring to help teams to take their ideas into working prototypes/tools. OWASP will also collect data while running this program that will be useful for the documentation of the program manuals as lesson learnt. A the end of the pre-incubation phase, OWASP mentors will also teach the start-ups on how to create business plans and will advise in the technical aspects related to the proposal of new products and services.

Initiative Collaboration Effort

OWASP will be managing and run this initiative in collaboration with the sponsors. The likely sponsor(s) of this initiative are academic institutions that already have cyber-security curriculum and graduate programs in cyber-security as well as government organisations, corporate sponsors that would like to partner with academic institutions for the creation of cyber-security incubators for start-ups. Examples of these collaboration(s) includes the Cyber Labs incubator in Israel, the Cyber-security start-up accelerators in VA USA the Cyber Incubator@bwtech in MD USA and the CyberHive in CA-USA San Diego

Participation and Sponsorship Appeal

Corporate sponsors, academic institutions and government organisations interested in the OWASP cyber-security pre-acceleration initiative can contact the initiative leaders (ref to the leaders info of this page) as well as OWASP foundation board directly. OWASP has different corporate sponsorship options available and all provide benefits. More information on OWASP corporate sponsorship can be found here

If you are interested to directly contribute to the Cyber Security Pre Startup Accelerator Initiative please fill in the following sponsorship form

Presentation Materials

OWASP Start-up initiative proposal documentation

Atrovate proposal to OWASP presentation deck

Note: this initiative proposal is released to OWASP for the purpose of seeking OWASP corporate funding only and should considered propriety of the authors and OWASP and cannot distributed and used for commercial purposes and without consent of the authors

Initiative Leader(s)

Neill Gernon Marco Morana


Mailing List

Starting point/To date Neill Gernon and Marco Morana have worked up to this point on: -Startup community engagement> Meetings with London startup hubs including Level39 (Europes largest accelerator space), IDEALondon and universitys like Kings University where Marco spoke about the programme with thier security leaders. Also had meetings inside Google Campus London, Tech Hub and Central Working. -Programme planning> Designing the programme which has taken inspiration from lean prototyping workshops that Neill Gernon runs in London and Dublin startup clusters. Planning stages also included engaging with owasp staff including Samantha Groves, Kelly Santalucia and GK Southwick to conclude that this should be submitted and structured as an initiative. -Coordinating owasp meetings: Meetings with owasp chapter leaders including Tobias Gondrom, Justin Clarke and Marco Morana.

Thursday, 24th April - Meeting. Meeting (conference call) between Neill Gernon & Marco Morana concluded the following: -Speakers/Mentors> (a) Will will be looking to confirm speakers for the first kick off event (mid May). At this kick off event Neill Gernon & Marco Morana will talk on the programme format and the benifits to participants - this is an overview of the programme and a chance for all interested to come together and connect pre- initiative launch. Also to answer any questions attendees have before beginning. (b) Will be looking to confirm mentors for the pre-accelerator programme. These mentors will commit to specific calander dates to give team advisory, product validation, people mentorship and guidance through out the initiative. -Calander> Now we have a chosen starting point (kick off event by the 22nd May in London), we will be outlining the calander timeline of events, workshops and hackathon dates/times. *This initiative schedule will be updated to the wiki soon* -Sponsor details: Waiting to get confirmation from sponsors on how they wish to support initiative and owasp -How to continuously update the wiki for future updates and initiative news.

Kick off event date, sponsor details, speakers and mentor confirmation will be following this meeting.


Friday 9th May - Update on sponsor signup Created a quick "google form" along with a new presentation to get sponsors signed up to the initiative. Confirmation of dates and venue pending and subject to sponsor commitment due to venue expenses. Potential sponsors have been two options: 1. join owasp membership and a % goes toward the initiative 2. sponsor initiative direct Google form found [here> https://docs.google.com/forms/d/1hg3xqM3fHKDda0WshTEC7UTzK4nwcr1j6H79mHXSBoQ/viewform .]

Additional updates> 1. Wednesday meeting with Marco Moran confirmed to discuss initiative progress, venue, dates and sponsor confirmation. 2. Monday - Meeting with IDEALondon to discuss venue and initiative start dates 3. Monday - Meeting with a London university to propose initiative sponsorship


'Friday 23rd May - Update on sponsor/meeting progress' Coordinating venue, sponsor and dates has taking longer than expected but continuing to progress with target engagements. Continued email discussions with Neill Gernon and Marco Morana on the progress of initiative to this date.

'''Academic Sponsors/meeting.'''

Securing dates to meet with UCL Meeting with researchers from the Research Institute in Science of Cybersecurity [1] for the week of the 2nd of June. Meeting will be Neill Gernon and Marco Morana presenting initiative to Professor M. Angela Sasse [2] and to Professor David Pym [3] as well as other additional professors from the Institute. The goal is to present the initiative as potential r&d research for UCL and as a career route for UCL students to create cyber security startups to drive cyber security innovation.

Progress with Kings University Marco Moran will also be engaging with contacts at Kings University London to arrange meting to present the initiative for the university/students.

Securing dates to meet with Royal Holloway Currently coordinating meetings with Royal Holloway with Lorenzo Cavallaro (through Marco Morana) and also to Justin O'Brian (through Samantha Groves) to help us present the initiative to Royal Holloway as an initiative that their students can participate in.

Confirming a round table session at AppSec UK. We are currently confirming a roundtable session to be held at AppSec UK [4] in Cambridge to present the initiative to owasp members/sponsors - both academic/corporate. Coordinating this roundtable session with Samantha Groves, Adrian Winckles and Tobias Gondrom which will be held at the AppSec Project Summitt [5] and presented by Neill Gernon on June 23rd/24th at Angelia Ruskin University Cambridge.





Milestones and Goals

The OWASP pre-incubator security start-up project includes the following milestones;

1) OWASP Security start-up pre-incubator process guide that document the process the WHAT that is a guide that can be followed by a non-profit entity such as OWASP, University, and Government Agency to run a security start-up pre-incubator program. We will document all steps of the process that can be followed to create pre seed funding security start-ups which can be replicated by following this program including the different stages that lead from opportunity to idea concept to creation of the open source prototype to the start-ups itself. The guide provide guidance on the goals of the various activities such as events, prototyping workshops and hackathons (e.g. goal is to experiment with OWASP open source tools, templates for the development of working prototypes) create and sign legal contract agreements, creation and validation of PoCs Proof of Concepts.

2) OWASP Security start-up pre-incubator process manual that teaches the HOW that is how to engage with the start-up community locally (start), organize events, workshops, hackathons, mentoring and prepare business plans for participation to security incubators start-ups (end);

3) OWASP Security start-up pre-incubator wiki site to manage the steps of the startup security pre accelerator process and document the proof of concept prototypes that can go on to be fully incubated start-ups; This wiki site will be created as OWASP pre-accelerator web site and will help it to be taken forward and used by OWASP chapters in different areas/countries.

4) Documented results of piloting with a start-up pre-incubator real case that includes using the process guide the manual the wiki site to run a real case of pre-incubator program by running it at one of the established start up campuses in London pending on availability and agreements.

5) OWASP open source working software prototype/PoCof an open source application security software/technology. This prototype/PoC is produced by following theseveral steps of the pre-accelerator security incubator program and is produced by the initiative participants as residents in the pre-accelerator working space and validated by the open source community. The scope of the prototype is to validate a proof of concept of a new idea that makes either web or mobile applications more secure. This prototype is released as open source to the community.

Signup to our mailing list, updates coming soon! Mail list> https://lists.owasp.org/mailman/listinfo/owasp_cyber_security_pre-accelerator_initiative