Hello,

It is my pleasure to announce the results of the OWASP Spring of Code 2007 <http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007> initiative.

After the submission of the proposals <http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications> the OWASP Board rated each one according to the agreed selection criteria <http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_:_Selection> and by a weird magical coincidence we came up with a result where ALL participants will receive a sponsorship. The submitted projects had enough quality to qualify and the budget available could be organized in a way that made sense (I think that the fact that the submissions had to be published directly to the WIKI (which didn't get defaced :) ) gave a good 'quality benchmark' to candidates). Boris was the exception since he submitted 3 projects and received a higher than average sponsorship for 1 project (SiteGenerator).

The original plan was to allocate 110,000 USD (92k from OWASP, 9k from SPI Dynamics and 9k from EDS) and we ended with a total of 125,000 USD (with OWASP's contribution raised to 99k). We also had two new members joining OWASP: Cenzic (9k) and Vigilar (8k), and two specific project sponsorships: SANS (5k) and Fortify (5k).

At the end of this email you can find two tables: one with the SpoC results and one with the financial calculations. As you can see in the 2nd table, OWASP still has (at least) 18,000 USD to allocate to specific projects (this value might be higher pending the result of negotiations about a couple of further project sponsorships). I will be sending a new email about how these funds will be allocated.

I am also very happy to announce that Giorgio Fedon will be managing the SpoC 007 project, so for the ones participating please provide as much support and help to him (i.e. do what he asks you to do :) ).

As always I am here to help, so if you have any questions or need more information do contact me.

Finally I want to thank the wonderful participants who now have the hard job to deliver on their projects :) .
For the participants, please remember that the success of SpoC 007 is in your hands, so please make us proud, and show the world how OWASP is a good host/enabler for the successful execution of Open Web Application Security Projects.

Thanks to everybody who helped to make this possible,

A very proud,

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org

Table 1: SpoC 007 Results

| Proposal ID | Project | Total Project |
|---|---|---|
| Mark Curphey | The OWASP Web Security Certification Framework | 20000 |
| (tbd) | Interim @ Aspect Offices | 10000 |
| (tbd) | 10x 1000USD to FOSS projects we all use | 10000 |
| Boris | OWASP Site Generator | 7000 |
| NSRAV Security Research Group | Attacks Reference Guide | 5000 |
| Eric Sheridan and Dr. Goran Trajkovski | The Scholastic Application Security Assessment Project | 5000 |
| EdFinkler | A comprehensive input retrieval/filtering system for PHP | 5000 |
| Eoin Keary | Code review Project | 5000 |
| Mateo | OWASP Certification Project | 5000 |
| Sebastien Deleersnyder | OWASP Education Project | 5000 |
| Arshan Dabirsiaghi | OWASP The Anti-Samy Project | 5000 |
| Caseydk | Security throughout the SDLC | 3000 |
| Erwin Geirnaert | OWASP WebGoat Solutions Guide | 2500 |
| Bunyamin Demir | OWASP WeBekci Project | 2500 |
| Denis | Python Tainted Mode | 2500 |
| Darren Edmonds | WebScarab NG Security Test Automation | 2500 |
| Przemyslaw 'rezos' Skowron | Refresh Attacks list | 2500 |
| Bernardo | sqlmap | 2500 |
| Jim | Best Practices & Countermeasures | 2500 |
| Paulo Coimbra | OWASP brand | 2500 |
| Heiko | Web Application Security put into practice | 2500 |
| Subere | OWASP JBroFuzz Project | 2500 |
| Paolo Perego | OWASP Orizon Project | 2500 |
| Buanzo | Enigform: Firefox Addon for OpenPGP signing of HTTP requests | 2500 |
| Josh Sweeney | OWASP LiveCD Education Project | 2500 |
| Erwin Geirnaert | OWASP Java Project | 2500 |
| Giorgio Fedon | Help with SpoC project management | 2500 |
| Joshua Perrymon | OWASP LiveCD Project | 2500 |
| Boris | OWASP Report Generator | - |
| Boris | OWASP Tiger | - |
| | | 125000 |

Table 2: SpoC 007 Financial Calculations

| Who? | Project | Budget | Allocated | Still Available |
|---|---|---|---|---|
| OWASP | Any | 98000 | 98000 | 0 |
| EDS | | 9000 | 9000 | 0 |
| SPI | SiteGen | 9000 | 4000 | 5000 |
| Cenzic | SiteGen | 3000 | 3000 | 0 |
| | Metr | 3000 | 0 | 3000 |
| | SDL | 3000 | 3000 | 0 |
| Vigilar | Certification | 8000 | 8000 | 0 |
| SANS | Questions | 5000 | | 5000 |
| Fortify | Source code review | 5000 | 0 | 5000 |
| Totals | | 143000 | 125000 | 18000 |
