Google Summer of Code: Writing a good proposal

OWASP OWTF
3 min read · Mar 21, 2018


OWASP has been selected as an organization this year and OWTF is participating! Lots of ideas to choose from https://www.owasp.org/index.php/GSOC2018_Ideas and https://github.com/owtf/owtf/issues :)

My first memory of working in the open source community is the summer of 2014 — I participated in the Google Summer of Code with OWASP OWTF! Looking back, it was an eye-opening experience for me, a novice security student, to work with brilliant mentors and learn from people working on other ideas.

I won’t lie — working in the open source security community has been a tremendous advantage for me: professional networking, new friends, finding new opportunities (speaking at BlackHat Arsenal!) and many more :).

Maximizing your chances of being accepted in GSoC

Here are some of observations that Abraham Aranguren (original OWTF Project author and lead) made during the previous Summer of Code years:

1. People with pre-GSoC project involvement generally rank the highest.
2. People who started working on their proposals EARLY ranked the highest.
3. People who worked the hardest on their proposals ranked the highest.

General tips on how to write a hard-to-refuse proposal!

1. Think about an idea to write up a proposal — consult the ideas page or the GitHub issue tracker for this (https://www.owasp.org/index.php/GSOC2018_Ideas and https://github.com/owtf/owtf/issues).
2. Take the proposal seriously, as if you were looking for a job:
You are proposing a solution that is complete, solid and believable, and you add references to demonstrate why you will do a good job implementing that idea.
3. Once you have a draft, send it to your mentor, friends or the project leaders/maintainers for a review.
4. Improve the proposal based on the review comments and send it for review again!
Repeat this iterative cycle until your proposal is concrete, clear and outlines your idea perfectly.

Here are some tips on how to write the actual proposal.

tl;dr To create a winning proposal: Have lots of images, a strong project plan, believable timelines, solid pre-implementation research, pre-GSoC project involvement, “hammering draft review cycles”.

Let the pre-implementation research drive your proposal:
How did other libraries/tools solve the problem you are trying to solve? What were the challenges? How were the challenges solved? Based on that, how will you solve the problem? Are there online comparatives (i.e. accuracy, speed, reliability, benchmarks, etc.)? Use them generously!!
If your proposal does not clearly answer these questions you will be in the maybe zone.

Let me introduce what Heilmeier’s Catechism is:
A set of questions credited to Heilmeier that anyone proposing a research project or product development effort should be able to answer: http://en.wikipedia.org/wiki/George_H._Heilmeier#Heilmeier.27s_Catechism

In the context of the GSoC, Abraham Aranguren (my mentor, to whom I am deeply indebted; thanks Abe!) mapped the Heilmeier Catechism questions to (potential) GSoC proposal sections.
Why? Google Summer of Code mentors will knowingly or unknowingly try to see if your proposal is able to answer the “nasty Heilmeier questions” ;).

IMPORTANT: Does your proposal answer these questions? If not, it probably needs more work!

You should try to answer these questions indirectly in your proposal (i.e. DO NOT COPY-PASTE THESE QUESTIONS INTO YOUR PROPOSAL!).

  • Intro/Goals: What are you trying to do? Articulate your objectives using absolutely no jargon.
    Translation: Your introduction and even goals should be something that “even your parents/grandparents can understand”.
    Who cares?
    Translation: What people will benefit from your project?
    If you’re successful, what difference will it make?
    Translation: What are the advantages of your project?

  • Pre-implementation research: How is it done today, and what are the limits of current practice?
    Translation: How do other libraries/tools currently solve the problem that you are trying to solve? What are the problems/limits they face? How do they try to mitigate those problems?
    What’s new in your approach and why do you think it will be successful?
    Translation: Based on your pre-implementation research, how will you solve the problem?
    PRO TIP: If your proposal answers this in a solid scientific fashion, you beat 90+% of your competition!

  • Project Plan: What are the risks and the payoffs?
    Translation: What are the challenges and benefits of your project? How will you mitigate those challenges?
    What are the midterm and final tests to check for success?
    Translation: How will the mentors know if your project was successful?

  • Project Plan/Timeline: How long will it take?
    Translation: Does your timeline make sense?

Your goal should be to make mentors/reviewers fall off their chairs when they see your proposal! :)

If you are active in OWASP or the general application security community and willing to mentor students for OWTF, please contact me! DMs open on Twitter :)

Some more excellent references



OWASP OWTF

Offensive Web Testing Framework (OWTF) is an OWASP+PTES-focused attempt to unite great tools and make pen testing more efficient, written mostly in Python. @owtfp