Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
On Donnerstag, 26. Juni 2008, Jan-Oliver Wagner wrote: how about arranging a Contest 'Best advances for OpenVAS Network Vulnerability Tests' in order to make OpenVAS more known, get people to look on how to implement further NVTs or in other ways implement ideas to improve OpenVAS? What I am having in mind is something like this (just quickly drafted and entirely open for suggestions how to change or extend or entirely rewrite it): I'd like to not delay this contest any further as we received quite positive feedback. Surley it would be good to have support by SPI for managing it, but Intevation could take over responsibilities until things are clearified. Getting the contest to start is more important than to get the details straightened, IMHO. Please feel free to fix or improve the actual announcement of the contest (we have already two additional sponsorts :-) : Contest: Best advances for OpenVAS Network Vulnerability Tests The OpenVAS Team (Open Vulnerability Assessment System, [1]) calls for submission of patches, scripts, converters or anything else that significantly improves the OpenVAS framework for extended Open Source Network Vulnerability Testing. Basically your are free to choose the actual area of improvements, examples are: * New .nasl scripts for recent security alerts * NASL libraries for simplifying development of new test scripts * Converter routines that (semi-)automatically create NASL scripts from formal security alerts. * Performance improvements for the current tests. There are arbitrary other ways to extend/improve the OpenVAS test routines. The only hard requirement is that your solution is published as Free Software under GNU GPLv2+. Current winner prices are (the amount might increase because additional sponsors are welcome to add to the price as along as the contest is open): 1: 500 Euro 2: 300 Euro 3: 200 Euro The sponsors and OpenVAS steering team will jointly choose the winners inspired by these criteria: * number of CVEs/BIDs covered * relevance of the covered alerts * sustainable future benefit (e.g. in the case of supporting APIs) * how well the development was coordinated via the public OpenVAS mailing lists (teams may win as well) * code quality (documentation, design, style) Contest sponsors are (sorted by sponsored amount): * Intevation GmbH, www.intevation.net * DN-Systems GmbH, www.dn-systems.de * Tim Brown Time table: 2008-08-15: Contest started 2008-10-15: Contest closes 2007-10-30: Winners nominated How to participate: * express you wish to participate on the OpenVAS mailing list and what you plan to work on * summarize you contribution before contests closes and submit it on the OpenVAS mailing list [1] www.openvas.org -- Dr. Jan-Oliver WagnerIntevation GmbH, Osnabrück Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/ Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
--- On Tue, 7/22/08, Jonas Andradas Arias [EMAIL PROTECTED] wrote: http://lists.wald.intevation.org/pipermail/openvas-discuss/2008-June/000627.html Thanks! I read that new NASL scripts can compete. Are C plugins (.nes) excluded? ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
Getting too formal will lead to slow-down and quite some overhead works. I don't need a lawyer's text; at least some basic rules. When does it start, when will it be over, how the winners will be selected, by who, how will the prices be paid, will they be transferable, etc. The basic information that is found in any competition. Thats why I kept the draft text simple. Where is it? ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
Hello Boris, On Tue, 2008-07-22 at 00:59 -0700, Boris Chernenko wrote: Getting too formal will lead to slow-down and quite some overhead works. I don't need a lawyer's text; at least some basic rules. When does it start, when will it be over, how the winners will be selected, by who, how will the prices be paid, will they be transferable, etc. The basic information that is found in any competition. Thats why I kept the draft text simple. Where is it? I think it can be found here http://lists.wald.intevation.org/pipermail/openvas-discuss/2008-June/000627.html (Thanks Jan) Jonás Andradas. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss __ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. __ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. __ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
You mean the Euro amount for such a prize? Yes, sure! I now count a total of 1000 Euro already (Intevation/DN-Systems/T.Brown) :-) What are the rules of the competition? ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
On Thu, 2008-07-17 at 23:45 +0200, Jan-Oliver Wagner wrote: *snip* You mean the Euro amount for such a prize? Yes, sure! I now count a total of 1000 Euro already (Intevation/DN-Systems/T.Brown) :-) Best Jan It might be a good idea if there was an account (be it Paypal or pure bank account) where people (like myself) would be able to donate money for the prize. Jonás. __ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. __ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. __ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
On Friday 18 July 2008 09:23:15 Jonas Andradas Arias wrote: It might be a good idea if there was an account (be it Paypal or pure bank account) where people (like myself) would be able to donate money for the prize. Jonás. I will be contacting SPI (http://www.spi-inc.org/) regarding this, as OpenVAS is a member project. Cheers, Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
Am Donnerstag, 17. Juli 2008 07:31:32 schrieb Tim Brown: On Thursday 26 June 2008 14:51:08 Jan-Oliver Wagner wrote: how about arranging a Contest 'Best advances for OpenVAS Network Vulnerability Tests' in order to make OpenVAS more known, get people to look on how to implement further NVTs or in other ways implement ideas to improve OpenVAS? I'm game, I'll throw in the 100 euro prize personally. Great! I suspect we need to get details up on the web site and announce it on the various security forums. I'd be glad if anyone can take care of this as I am really short of time next 10 days. What needs to be done is shift dates, improve text, update amounts and contributors and then get the web page online as well as prominently linked from the homepage. Then send it to the security forums or whereever it fits. Are we considering your email a formal announcement of intent? You mean the Euro amount for such a prize? Yes, sure! I now count a total of 1000 Euro already (Intevation/DN-Systems/T.Brown) :-) Best Jan ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
On Thursday 26 June 2008 14:51:08 Jan-Oliver Wagner wrote: how about arranging a Contest 'Best advances for OpenVAS Network Vulnerability Tests' in order to make OpenVAS more known, get people to look on how to implement further NVTs or in other ways implement ideas to improve OpenVAS? I'm game, I'll throw in the 100 euro prize personally. I suspect we need to get details up on the web site and announce it on the various security forums. Are we considering your email a formal announcement of intent? Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ signature.asc Description: This is a digitally signed message part. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
On Donnerstag, 26. Juni 2008, Jan-Oliver Wagner wrote: how about arranging a Contest 'Best advances for OpenVAS Network Vulnerability Tests' in order to make OpenVAS more known, get people to look on how to implement further NVTs or in other ways implement ideas to improve OpenVAS? What I am having in mind is something like this (just quickly drafted and entirely open for suggestions how to change or extend or entirely rewrite it): I received message from DN-Systems that they support the idea and will add some Euros to the prize :-) More comments urgently welcome. Best Jan -- Dr. Jan-Oliver WagnerIntevation GmbH, Osnabrück Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/ Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] idea: Contest 'Best advances for OpenVAS Network Vulnerability Tests'
Hi, how about arranging a Contest 'Best advances for OpenVAS Network Vulnerability Tests' in order to make OpenVAS more known, get people to look on how to implement further NVTs or in other ways implement ideas to improve OpenVAS? What I am having in mind is something like this (just quickly drafted and entirely open for suggestions how to change or extend or entirely rewrite it): Contest: Best advances for OpenVAS Network Vulnerability Tests The OpenVAS Team (Open Vulnerbility Assessment System, [1]) calls for submission of patches, scripts, converters or anything else that significantly improves the OpenVAS framework for extendedOpen Source Network Vulnerability Testing. Basically your are free to choose the actual area of improvements, examples are: * New .nasl scripts for recent security alerts * NASL libraries for simplifying development of new test scripts * Converter routines that (semi-)automatically create NASL scripts from formal security alerts. * Performance improvements for the current tests. There are arbitrary other ways to extend/improve the OpenVAS test routines. The only hard requirement is that your solution is published as Free Software under GNU GPLv2+. Current winner prices are (the amount might increase because additional sponsors are welcome to add to the price as along as the contest is open): 1: 500 Euro 2: 300 Euro 3: 100 Euro The sponsors and OpenVAS steering team will jointly choose the winners inspired by these criteria: * number of CVEs/BIDs covered * relevance of the covered alerts * sustainable future benefit (e.g. in the case of supporting APIs) * how well the development was coordinated via the public OpenVAS mailing lists (teams may win as well) * code quality (documentation, design, style) Contest sponsors are (sorted by sponsored amount): * Intevation GmbH, www.intevation.net Time table: 2008-07-01: Contest started 2008-09-30: Contest closes 2007-10-15: Winners nominated How to participate: * express you wish to participate on the OpenVAS mailing list and what you plan to work on * summarize you contribution before contests closes [1] www.openvas.org Maybe we can get some press on board to support such a contest? What do you think? Stupid idea? Unrealisitic to find enough people? Best Jan -- Dr. Jan-Oliver WagnerIntevation GmbH, Osnabrück Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/ Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss