惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
爱范儿
爱范儿
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
Jina AI
Jina AI
Project Zero
Project Zero
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
F
Fortinet All Blogs
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
月光博客
月光博客
雷峰网
雷峰网
G
Google Developers Blog
V
V2EX
T
Tor Project blog
罗磊的独立博客
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
P
Privacy International News Feed
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
Scott Helme
Scott Helme
I
Intezer
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
人人都是产品经理
人人都是产品经理
Latest news
Latest news
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research

OWASP

OWASP CVE Lite CLI Graduates to Lab Project Status | OWASP Foundation Aikido and OWASP bring agentic Code Audit to the global AppSec community | OWASP Foundation Community update regarding Richard Greenberg | OWASP Foundation OWASP Dependency-Track 5.0 Is Now Generally Available | OWASP Foundation Juice Shop v20.0.0 — a fresh squeeze of features, now with AI | OWASP Foundation Welcome to the Google Summer of Code 2026! | OWASP Foundation OWASP Foundation Unveils Its Strategic Plan for a World Without Insecure Software | OWASP Foundation The OWASP Foundation appoints Missie Lindsey as Director of Corporate Relations | OWASP Foundation Bridging the Gap in Product Lifecycle Management: How OpenEoX and CLE Work Together | OWASP Foundation Announcing the Retirement of OWASP Meetup Platform | OWASP Foundation The OWASP Foundation appoints Stacey Ebbs as Communications & Marketing Manager | OWASP Foundation OWASP Certified Secure Software Developer | OWASP Foundation OWASP Top 10 Community Survey | OWASP Foundation OWASP Elections 2025 - Become a member today! | OWASP Foundation Help Support Sherif Mansour by donating blood today! | OWASP Foundation cdxgen and CycloneDX .NET Join GitHub Secure Open Source Fund | OWASP Foundation InfoSecMap x OWASP Collaboration | OWASP Foundation OWASP x Google Summer of Code 2025 - Enabling 15 opportunities for impact | OWASP Foundation OWASP Enables AI Regulation That Works with OWASP AI Exchange | OWASP Foundation OWASP Calls to Build a Unified Framework for Global Vulnerability Intelligence | OWASP Foundation ASVS 5.0 RC1 is ready for your review! | OWASP Foundation OWASP Education and Training Committee update | OWASP Foundation Committees Advisory on Software Bill of Materials and Real-time Vulnerability Monitoring for Open-Source Software and Third-Party Dependencies | OWASP Foundation OWASP Juice Shop leadership changes & contributor recognition | OWASP Foundation Lifecycle events are part of the secure supply chain | OWASP Foundation More than a Password Day 2024 | OWASP Foundation A workaround for OWASP Foundation emails being blocked by Microsoft Office 365 | OWASP Foundation Securing React Native Mobile Apps with OWASP MAS | OWASP Foundation
GSoC 2025 Recap | OWASP Foundation
Fabio Cerullo & Starr Brown · 2025-10-01 · via OWASP
image

Wednesday, October 1, 2025

OWASP at Google Summer of Code 2025

Celebrating real impact, strong mentorship, and a growing community

The Google Summer of Code (GSoC) 2025 program has wrapped, and OWASP’s participation once again delivered meaningful improvements across the open-source security ecosystem. This year, 15 contributors worked across multiple OWASP projects, supported by 26 mentors. Of the 15 projects evaluated, 10 reached successful completion, three are still working on the final deliveries with extended deadlines, and two unfortunately not making the finish line.

Beyond code merged and features shipped, GSoC 2025 strengthened the pipeline of new contributors, future maintainers, and next-year mentors. Here’s a closer look at what we achieved together.

Program Snapshot

  • Contributors: 15
  • Mentors: 26 across the OWASP community
  • Project outcomes: 10 completed; 3 in progress, 2 not completed
  • Focus: Enhancing established tools, modernizing codebases, and exploring new AppSec directions

Project Highlights

OWASP Nest: API & Schema Development

Migrated the API toward Django Ninja, optimizing REST endpoints and paving the way for clearer schemas, better performance, and more maintainable service boundaries.

PyGoat v3: Architecture & Learning Experience Redefined

A major upgrade to OWASP PyGoat, the educational vulnerable app, focusing on modular architecture, clearer lab flows, and better secure-coding learning outcomes.

Nettacker: Recon Scan Improvements & Task Handling

Enhanced OWASP Nettacker with better reconnaissance scanning features and optimized task handling to reduce noise, improve reliability, and streamline operator feedback loops.

OWTF: MiTM Proxy Modernization

Modernized the Man-in-the-Middle proxy inside OWASP OWTF to improve stability and compatibility with evolving browser/proxy ecosystems.

OWASP OpenCRE: Gap Analysis Performance Optimization

Optimized gap analysis with improved Neo4j performance, AI-driven mappings between CREs and controls, and enhanced visualizations. Frontend upgrades for greater usability, responsiveness, and clarity.

OWASP BLT

Several impactful projects were developed to enhance open-source security, education, and contributor engagement:

  • Sahil Dhillon built an AI-powered GitHub assistant that helps maintainers review code, detect security vulnerabilities, and prioritize tasks using LLMs and rule-based scanning—all integrated into a GitHub bot and task management dashboard.

  • Krrish Sehgal extended OWASP BLT with a blockchain-backed, AI-scored gamification system to incentivize contributions like bug triaging and fixes.

  • Lucky Negi developed browser-based, interactive security labs for hands-on vulnerability triage and secure coding practice through gamified exercises.

  • Rinkita Dhana redesigned the OWASP BLT organization dashboard with real-time analytics, advanced filtering, and role-based collaboration tools to streamline team workflows and vulnerability management.

Together, these projects significantly advanced the usability, security, and educational value of the OWASP BLT ecosystem.

What Made These Projects Succeed

1. Focused Scoping & Iteration

Successful projects started with achievable milestones, then iterated toward stretch goals. Weekly demos, small PRs, and fast feedback helped contributors maintain momentum.

2. Communication Cadence

Mentors and contributors kept a regular rhythm: weekly 1:1s, short written updates, and community calls, so risks surfaced early and success was visible to the wider community.

3. Visibility & Recognition

Lightning talks, end-of-program showcases, and social posts gave contributors credit and confidence, while helping other projects discover reusable ideas.

4. Progressive Responsibility

As contributors matured, they took on triage, code reviews, or small leadership tasks.

Mentor & Org Admin Practices That Worked (and We’ll Repeat)

  • Set expectations early. Share onboarding docs, a “first-10-days” checklist, and communication norms before coding starts.

  • Require “commit early, commit often.” Small pull requests are easier to review and teach maintainers’ expectations quickly.

  • Pair mentorship. At least two mentors per project mitigates availability risks and reduces burnout.

  • Assess with real tasks. Simple environment-bring-up and “good first issue” tasks during selection predict success better than proposals alone.

  • Document a clear escalation path. If communication stalls, contributors know exactly how and when to reach Org Admins.

The Community Bonding period is where retention begins. This year we emphasized:

  • Welcome fast. Mentors greeted accepted contributors within 24 hours, then invited them to weekly community calls.

  • Context first. We explained why a project matters, where it’s used, and how it helps the broader AppSec community.

  • Lightweight structure. A shared roster (handles, proposals, repos, blog links), a weekly meeting schedule, and a short public update cadence.

  • Clear expectations. “Communicate early, communicate often”, and yes, check your email for program notices and logistics.

Get Involved

  • Contribute: Pick an OWASP project that aligns with your skills or interests and say hello in the project’s channels.

  • Mentor: If you’re a maintainer or experienced contributor, consider mentoring next year.

  • Propose Ideas: Help shape our next GSoC by proposing scoped, contributor-friendly project ideas with clear milestones.

  • Contributor Fair: Join the Contributor Fair at OWASP Global AppSec US 2025 in Washington, DC this November. Details are available here.

If you’re interested in contributing or mentoring in GSoC 2026, keep an eye on OWASP community channels for timelines, idea lists, and onboarding sessions. Let’s build on the momentum of 2025 together!

Thank You

Heartfelt thanks to our contributors & mentors and the wider OWASP community. Whether you shipped a feature, reviewed code, wrote docs, or helped someone get unblock—you moved AppSec forward.

Fabio Cerullo and Starr Brown
OWASP Org Admins


Published: October 2025 ```