OWASP Spring of Code 2007
06 Mar 2007During the lightning talks at tonight's PHP Meetup, Andrew van der Stock (executive director of OWASP) announced the Spring of Code 2007, an effort that will distribute $100,000 to worthy projects, divided approximately as follows:
- $20,000 for one lucky project.
- $10,000 for 10 open source projects.
- $40,000 for 8 large projects.
- $22,500 for 9 medium projects.
- $7,500 for an internship.
The emphasis is on open source projects that are related to web application security, and Andrew expressed a specific interest in improving PHP. As he has noted in the past, it's more difficult than it should be to develop secure applications in PHP. As the leading platform for web application development, PHP could advance the state of the art, but as Andrew stated tonight, it has some catching up to do in a few areas like SQL injection, although PDO is a big step in the right direction.
Other talks included Wez Furlong on OpenID, Alex Mikitik on PHP testing (using test-more.php
and a PHP port of prove
that he wrote), and John Schulz on jQuery. (I talked about CSRF.) All in all, it was a successful inaugural meeting.
If you're interested in joining us for future meetings, please join the mailing list and our PHP Meetup. Our next meeting will be 02 Apr - hope to see you there!