About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.


OWASP Spring of Code 2007

During the lightning talks at tonight's PHP Meetup, Andrew van der Stock (executive director of OWASP) announced the Spring of Code 2007, an effort that will distribute $100,000 to worthy projects, divided approximately as follows:

  • $20,000 for one lucky project.
  • $10,000 for 10 open source projects.
  • $40,000 for 8 large projects.
  • $22,500 for 9 medium projects.
  • $7,500 for an internship.

The emphasis is on open source projects that are related to web application security, and Andrew expressed a specific interest in improving PHP. As he has noted in the past, it's more difficult than it should be to develop secure applications in PHP. As the leading platform for web application development, PHP could advance the state of the art, but as Andrew stated tonight, it has some catching up to do in a few areas like SQL injection, although PDO is a big step in the right direction.

Other talks included Wez Furlong on OpenID, Alex Mikitik on PHP testing (using test-more.php and a PHP port of prove that he wrote), and John Schulz on jQuery. (I talked about CSRF.) All in all, it was a successful inaugural meeting.

If you're interested in joining us for future meetings, please join the mailing list and our PHP Meetup. Our next meeting will be 02 Apr - hope to see you there!

About This Post

OWASP Spring of Code 2007 was posted on Tue, 06 Mar 2007 at 05:14:29 GMT.

4 Comments

1. Jesse Lands said:

Sounds great, but kind of confusing

(* $20,000 for one lucky project.

* $10,000 for 10 open source projects.

* $40,000 for 8 large projects.

* $22,500 for 9 medium projects.

* $7,500 for an internship.) != $100,000

Thu, 08 Mar 2007 at 12:55:03 GMT


2. Chris Shiflett said:

Hi Jesse,

Are you sure? It looks like it adds up to me.

Thu, 08 Mar 2007 at 15:05:07 GMT


3. Jesse Lands said:

Maybe I'm reading it wrong. Is it 1 x 20K, 10 x 10K, 8 x 40K, etc.?

Thu, 08 Mar 2007 at 21:50:18 GMT


4. Chris Shiflett said:

Ahhh, now I see. No, he just mentioned the chunks of money to keep the math simple.

That is a bit confusing - you're right.

Thu, 08 Mar 2007 at 21:55:41 GMT

