Thursday, May 15, 2008

The Summer of Code is in full swing and we're looking for reviewers for projects. I am also looking for contributors for the OWASP .NET Project. For reviewers, there are quite a few projects, and the compensation is free tickets to the OWASP NYC Conference or 12.5% of the project's stipend (~$300-$600). Here's the recent e-mail from Paulo Coimbra:

Hello everyone,

I hope you all are well.

As you already know, OWASP has awarded 31 grants to promising application security researchers as part of the OWASP Summer of Code 2008 (SoC 2008).

As a result, I am here again taking your time - we are seeking out project reviewers so as to have all these projects assessed.

Consequently, if you are interested in performing such a task, please don't hesitate and let us know as soon as possible. As a volunteer organization, we rely absolutely on your contribution. Hence, we lively encourage you to put forward your application to assume this reviewer role.

To make your decision please look at the following information:

1. Where are the projects to review? These projects can be found here.

2. What are the reviewers' main tasks?

A. The main tasks are the result of a set of rules previously established in both the OWASP Summer of Code 2008 initiative and the OWASP Project Assessment criteria.

B. To exemplify, please take into consideration the OWASP Skavenger Project.

C. Simplifying, I would say that the work review will basically consist in certifying that the project's objectives and deliveries were accomplished and, taking into consideration the OWASP assessment criteria, in certifying that the Beta Status was reached. Additionally we expect the reviewer always to be available to provide useful advice to the project developer. These tasks must be performed twice: the first one, the 50% Review, by June 29 and the second one, the Final Review, by September 15.

D. Regarding the question of the project status, it is important to clarify that, even though the majority of the projects have to reach Beta status, there are also some others, in which the status target is Release Quality. That is to say, that each project built on previous work done within OWASP (Existing OWASP Projects) should obtain Reviewers' agreement that a Release Quality stage was achieved.

3. Who can be a reviewer? If you are interested in contributing and feeling comfortable with the technical matters in question, you can be a project reviewer. We encourage also the OWASP Summer of Code 2008 participants to take part in reviewing someone else's SoC 2008 project. However, please pay attention to the fact that, at least, one of the two Project Reviewers should be an OWASP Project or Chapter Leader.

4. Will this work be paid? Well, in terms of paying the market value of your work, we wouldn't dare say 'yes'. However, we will reward this contribution either with a free ticket to attend the OWASP NYC AppSec 2008 Conference or with 12,5% of the value of the project to be reviewed.

5. Where can I find the project's progress page in which I am interested? That is to ask, where can I find the page similar to the OWASP Skavenger Project one? Currently, nowhere, but very soon each project will be supplied with its own progress page.

6. So, if I am interested in being one of the reviewers, how should I proceed?

A. Please drop me a line to let me know about your interest.

B. I will put you in direct contact with the project's author.

C. Having reached the author's agreement, please inform us.

D. As all reviewers must have OWASP Board approval, we will inform you as soon as possible about their decision.  

To conclude, having any kind of doubt, don't hesitate and get back to us.

We thank you in advance, best regards,

Paulo Coimbra
OWASP Project Manager