Hi Matt, Thanks for the response. You are sort of correct, I would say the end goal is a service - an open source engine that is able to grab and ingest this highly unstructured security information and turn it into something useful - then provide that back to the user in a few different forms. One would be a web services API for general use exposed to the Internet (a service, like you said), and another would be a series of command line tools and libraries that others can use to ingest this information easily. the third goal would be: not only is the code open source, but all data used in the application is available itself, so this could easily be used to run a personal node of this information for an organization, scylla.sh is simply my instance that I expose to the Internet at large for those that don't want to run a "full node". If that is more palatable to the ASF I'm glad to make that the focus. In other words: I'm not married to any model here.
I knew coming in that it's a bit unconventional for Apache, but, I think, it is a unique and powerful project that would increase engagement from the infosec community in which I personally, as well as my R&D company have some good visibility from. In other words, just testing the waters to see how this is received by ASF :). Alex On Tue, Jul 2, 2019 at 3:44 PM Matt Sicker <boa...@gmail.com> wrote: > I'm a little unclear about the scope of the project here. This project > looks more like a service, and I don't know of any ASF projects that > exist to provide services outside the ASF. > > On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres > <acace...@hyperiongray.com> wrote: > > > > Hey Folks, > > > > I'm interested in submitting a project as a seedling and am looking > exactly > > where to start. The project is already off the ground, being used by > many, > > is stable, reasonably mature (it's in alpha release), open source, and > > already Apache licensed. I've been looking at a lot of resources to how > > best to submit this to Apache and from what I understand I need to: > > > > Find a "champion/mentor" for the project and a "sponsor" -> submit an > > incubator application -> wait (or do i submit for a vote on general@?) > -> > > ... -> profit :) > > > > For a bit more context, my project is http://scylla.sh or > > https://github.com/acaceres2176/scylla. This project aggregates and > makes > > searchable database leaks and other information security data that is > easy > > for attackers to find (they have blackhat and underground resources) but > > difficult for security professionals trying to defend their network (they > > cannot buy stolen data, are not plugged into the blackhat hacker > community, > > and frankly generally don't know "where to start"). The Scylla engine > aims > > to even the playing field by making this data available and completely > free > > for everyone. The feed is meant to power threat intelligence engines to > aid > > in the defense of both large corporate networks, but also be accessible > to > > an average user who wants to check what information of theirs has been > > leaked. It's a passion project of mine and have been working on it for > > several months already. We have several terabytes of data and good > > attention from the infosec community. > > > > Anyway, sorry for the brain dump above, but I suppose I should mainly > ask - > > where do I go from here? Do I simply ask this mailing list if there is a > > sponsor and champion willing to bring this in as a podling? > > > > Thanks! > > Alex > > > > > > > > -- > > ___ > > > > Alejandro Caceres > > Hyperion Gray, LLC > > Owner/CTO > > > > -- > Matt Sicker <boa...@gmail.com> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > -- ___ Alejandro Caceres Hyperion Gray, LLC Owner/CTO
