New Project?

[Alejandro Caceres <ac...@hyperiongray.com>]

Hey Folks,

I'm interested in submitting a project as a seedling and am looking exactly
where to start. The project is already off the ground, being used by many,
is stable, reasonably mature (it's in alpha release), open source, and
already Apache licensed. I've been looking at a lot of resources to how
best to submit this to Apache and from what I understand I need to:

Find a "champion/mentor" for the project and a "sponsor" -> submit an
incubator application -> wait (or do i submit for a vote on general@?)  ->
... -> profit :)

For a bit more context, my project is http://scylla.sh or
https://github.com/acaceres2176/scylla. This project aggregates and makes
searchable database leaks and other information security data that is easy
for attackers to find (they have blackhat and underground resources) but
difficult for security professionals trying to defend their network (they
cannot buy stolen data, are not plugged into the blackhat hacker community,
and frankly generally don't know "where to start"). The Scylla engine aims
to even the playing field by making this data available and completely free
for everyone. The feed is meant to power threat intelligence engines to aid
in the defense of both large corporate networks, but also be accessible to
an average user who wants to check what information of theirs has been
leaked. It's a passion project of mine and have been working on it for
several months already. We have several terabytes of data and good
attention from the infosec community.

Anyway, sorry for the brain dump above, but I suppose I should mainly ask -
where do I go from here? Do I simply ask this mailing list if there is a
sponsor and champion willing to bring this in as a podling?

Thanks!
Alex



-- 
___

Alejandro Caceres
Hyperion Gray, LLC
Owner/CTO

Re: New Project?

[Danny Angus <da...@gmail.com>]

Existing commiters can start new projects in the labs labs.apache.org

D.

On Thu, 4 Jul 2019, 5:44 am Andrew Garza, <ag...@gmail.com> wrote:

> Thank u for the info.
>
> On Tue, Jul 2, 2019, 7:00 PM Dave Fisher <da...@comcast.net> wrote:
>
> > Hi -
> >
> > To me you have two parts. One fits Apache and the other would need to be
> > outside.
> >
> > (1) Open Source Software which is the library, service and CLI tools.
> This
> > is something that an Apache Community could grow around and be governed
> in
> > the Apache Way. This part can be incubated.
> >
> > (2) Open Data. Justin refers to Kibble and Pony Mail which are incubating
> > projects around consuming Apache Community data mostly. I would point out
> > that you could host the data portion of your community elsewhere by some
> > community members or others outside of Apache PMCs. Here is a real
> example.
> > Apache Tika, PDFBox and POI PMCs all share a set of regression test
> > documents (
> >
> https://openpreservation.org/blog/2016/10/04/apache-tikas-regression-corpus-tika-1302/
> )
> > and a community member Dominik Stadler (
> > https://github.com/centic9/CommonCrawlDocumentDownload) that are
> > retrieved from Common Crawl (http://commoncrawl.org) which uses the AWS
> > Public Dataset Program (https://aws.amazon.com/opendata/public-datasets/
> )
> >
> > Regards,
> > Dave
> >
> > > On Jul 2, 2019, at 1:59 PM, Alejandro Caceres <
> acaceres@hyperiongray.com>
> > wrote:
> > >
> > > Hi Matt,
> > >
> > > Thanks for the response. You are sort of correct, I would say the end
> > goal
> > > is a service - an open source engine that is able to grab and ingest
> this
> > > highly unstructured security information and turn it into something
> > useful
> > > - then provide that back to the user in a few different forms. One
> would
> > be
> > > a web services API for general use exposed to the Internet (a service,
> > like
> > > you said), and another would be a series of command line tools and
> > > libraries that others can use to ingest this information easily. the
> > third
> > > goal would be: not only is the code open source, but all data used in
> the
> > > application is available itself, so this could easily be used to run a
> > > personal node of this information for an organization, scylla.sh is
> > simply
> > > my instance that I expose to the Internet at large for those that don't
> > > want to run a "full node". If that is more palatable to the ASF I'm
> glad
> > to
> > > make that the focus. In other words: I'm not married to any model here.
> > >
> > > I knew coming in that it's a bit unconventional for Apache, but, I
> think,
> > > it is a unique and powerful project that would increase engagement from
> > the
> > > infosec community in which I personally, as well as my R&D company have
> > > some good visibility from. In other words, just testing the waters to
> see
> > > how this is received by ASF :).
> > >
> > > Alex
> > >
> > >
> > > On Tue, Jul 2, 2019 at 3:44 PM Matt Sicker <bo...@gmail.com> wrote:
> > >
> > >> I'm a little unclear about the scope of the project here. This project
> > >> looks more like a service, and I don't know of any ASF projects that
> > >> exist to provide services outside the ASF.
> > >>
> > >> On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres
> > >> <ac...@hyperiongray.com> wrote:
> > >>>
> > >>> Hey Folks,
> > >>>
> > >>> I'm interested in submitting a project as a seedling and am looking
> > >> exactly
> > >>> where to start. The project is already off the ground, being used by
> > >> many,
> > >>> is stable, reasonably mature (it's in alpha release), open source,
> and
> > >>> already Apache licensed. I've been looking at a lot of resources to
> how
> > >>> best to submit this to Apache and from what I understand I need to:
> > >>>
> > >>> Find a "champion/mentor" for the project and a "sponsor" -> submit an
> > >>> incubator application -> wait (or do i submit for a vote on general@
> ?)
> > >> ->
> > >>> ... -> profit :)
> > >>>
> > >>> For a bit more context, my project is http://scylla.sh or
> > >>> https://github.com/acaceres2176/scylla. This project aggregates and
> > >> makes
> > >>> searchable database leaks and other information security data that is
> > >> easy
> > >>> for attackers to find (they have blackhat and underground resources)
> > but
> > >>> difficult for security professionals trying to defend their network
> > (they
> > >>> cannot buy stolen data, are not plugged into the blackhat hacker
> > >> community,
> > >>> and frankly generally don't know "where to start"). The Scylla engine
> > >> aims
> > >>> to even the playing field by making this data available and
> completely
> > >> free
> > >>> for everyone. The feed is meant to power threat intelligence engines
> to
> > >> aid
> > >>> in the defense of both large corporate networks, but also be
> accessible
> > >> to
> > >>> an average user who wants to check what information of theirs has
> been
> > >>> leaked. It's a passion project of mine and have been working on it
> for
> > >>> several months already. We have several terabytes of data and good
> > >>> attention from the infosec community.
> > >>>
> > >>> Anyway, sorry for the brain dump above, but I suppose I should mainly
> > >> ask -
> > >>> where do I go from here? Do I simply ask this mailing list if there
> is
> > a
> > >>> sponsor and champion willing to bring this in as a podling?
> > >>>
> > >>> Thanks!
> > >>> Alex
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> ___
> > >>>
> > >>> Alejandro Caceres
> > >>> Hyperion Gray, LLC
> > >>> Owner/CTO
> > >>
> > >>
> > >>
> > >> --
> > >> Matt Sicker <bo...@gmail.com>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> > >> For additional commands, e-mail: general-help@incubator.apache.org
> > >>
> > >>
> > >
> > > --
> > > ___
> > >
> > > Alejandro Caceres
> > > Hyperion Gray, LLC
> > > Owner/CTO
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> > For additional commands, e-mail: dev-help@community.apache.org
> >
> >
>

Re: New Project?

[Andrew Garza <ag...@gmail.com>]

Thank u for the info.

On Tue, Jul 2, 2019, 7:00 PM Dave Fisher <da...@comcast.net> wrote:

> Hi -
>
> To me you have two parts. One fits Apache and the other would need to be
> outside.
>
> (1) Open Source Software which is the library, service and CLI tools. This
> is something that an Apache Community could grow around and be governed in
> the Apache Way. This part can be incubated.
>
> (2) Open Data. Justin refers to Kibble and Pony Mail which are incubating
> projects around consuming Apache Community data mostly. I would point out
> that you could host the data portion of your community elsewhere by some
> community members or others outside of Apache PMCs. Here is a real example.
> Apache Tika, PDFBox and POI PMCs all share a set of regression test
> documents (
> https://openpreservation.org/blog/2016/10/04/apache-tikas-regression-corpus-tika-1302/)
> and a community member Dominik Stadler (
> https://github.com/centic9/CommonCrawlDocumentDownload) that are
> retrieved from Common Crawl (http://commoncrawl.org) which uses the AWS
> Public Dataset Program (https://aws.amazon.com/opendata/public-datasets/)
>
> Regards,
> Dave
>
> > On Jul 2, 2019, at 1:59 PM, Alejandro Caceres <ac...@hyperiongray.com>
> wrote:
> >
> > Hi Matt,
> >
> > Thanks for the response. You are sort of correct, I would say the end
> goal
> > is a service - an open source engine that is able to grab and ingest this
> > highly unstructured security information and turn it into something
> useful
> > - then provide that back to the user in a few different forms. One would
> be
> > a web services API for general use exposed to the Internet (a service,
> like
> > you said), and another would be a series of command line tools and
> > libraries that others can use to ingest this information easily. the
> third
> > goal would be: not only is the code open source, but all data used in the
> > application is available itself, so this could easily be used to run a
> > personal node of this information for an organization, scylla.sh is
> simply
> > my instance that I expose to the Internet at large for those that don't
> > want to run a "full node". If that is more palatable to the ASF I'm glad
> to
> > make that the focus. In other words: I'm not married to any model here.
> >
> > I knew coming in that it's a bit unconventional for Apache, but, I think,
> > it is a unique and powerful project that would increase engagement from
> the
> > infosec community in which I personally, as well as my R&D company have
> > some good visibility from. In other words, just testing the waters to see
> > how this is received by ASF :).
> >
> > Alex
> >
> >
> > On Tue, Jul 2, 2019 at 3:44 PM Matt Sicker <bo...@gmail.com> wrote:
> >
> >> I'm a little unclear about the scope of the project here. This project
> >> looks more like a service, and I don't know of any ASF projects that
> >> exist to provide services outside the ASF.
> >>
> >> On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres
> >> <ac...@hyperiongray.com> wrote:
> >>>
> >>> Hey Folks,
> >>>
> >>> I'm interested in submitting a project as a seedling and am looking
> >> exactly
> >>> where to start. The project is already off the ground, being used by
> >> many,
> >>> is stable, reasonably mature (it's in alpha release), open source, and
> >>> already Apache licensed. I've been looking at a lot of resources to how
> >>> best to submit this to Apache and from what I understand I need to:
> >>>
> >>> Find a "champion/mentor" for the project and a "sponsor" -> submit an
> >>> incubator application -> wait (or do i submit for a vote on general@?)
> >> ->
> >>> ... -> profit :)
> >>>
> >>> For a bit more context, my project is http://scylla.sh or
> >>> https://github.com/acaceres2176/scylla. This project aggregates and
> >> makes
> >>> searchable database leaks and other information security data that is
> >> easy
> >>> for attackers to find (they have blackhat and underground resources)
> but
> >>> difficult for security professionals trying to defend their network
> (they
> >>> cannot buy stolen data, are not plugged into the blackhat hacker
> >> community,
> >>> and frankly generally don't know "where to start"). The Scylla engine
> >> aims
> >>> to even the playing field by making this data available and completely
> >> free
> >>> for everyone. The feed is meant to power threat intelligence engines to
> >> aid
> >>> in the defense of both large corporate networks, but also be accessible
> >> to
> >>> an average user who wants to check what information of theirs has been
> >>> leaked. It's a passion project of mine and have been working on it for
> >>> several months already. We have several terabytes of data and good
> >>> attention from the infosec community.
> >>>
> >>> Anyway, sorry for the brain dump above, but I suppose I should mainly
> >> ask -
> >>> where do I go from here? Do I simply ask this mailing list if there is
> a
> >>> sponsor and champion willing to bring this in as a podling?
> >>>
> >>> Thanks!
> >>> Alex
> >>>
> >>>
> >>>
> >>> --
> >>> ___
> >>>
> >>> Alejandro Caceres
> >>> Hyperion Gray, LLC
> >>> Owner/CTO
> >>
> >>
> >>
> >> --
> >> Matt Sicker <bo...@gmail.com>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> >> For additional commands, e-mail: general-help@incubator.apache.org
> >>
> >>
> >
> > --
> > ___
> >
> > Alejandro Caceres
> > Hyperion Gray, LLC
> > Owner/CTO
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>

Re: New Project?

[Dave Fisher <da...@comcast.net>]

Hi -

To me you have two parts. One fits Apache and the other would need to be outside.

(1) Open Source Software which is the library, service and CLI tools. This is something that an Apache Community could grow around and be governed in the Apache Way. This part can be incubated.

(2) Open Data. Justin refers to Kibble and Pony Mail which are incubating projects around consuming Apache Community data mostly. I would point out that you could host the data portion of your community elsewhere by some community members or others outside of Apache PMCs. Here is a real example. Apache Tika, PDFBox and POI PMCs all share a set of regression test documents (https://openpreservation.org/blog/2016/10/04/apache-tikas-regression-corpus-tika-1302/) and a community member Dominik Stadler (https://github.com/centic9/CommonCrawlDocumentDownload) that are retrieved from Common Crawl (http://commoncrawl.org) which uses the AWS Public Dataset Program (https://aws.amazon.com/opendata/public-datasets/)

Regards,
Dave

> On Jul 2, 2019, at 1:59 PM, Alejandro Caceres <ac...@hyperiongray.com> wrote:
> 
> Hi Matt,
> 
> Thanks for the response. You are sort of correct, I would say the end goal
> is a service - an open source engine that is able to grab and ingest this
> highly unstructured security information and turn it into something useful
> - then provide that back to the user in a few different forms. One would be
> a web services API for general use exposed to the Internet (a service, like
> you said), and another would be a series of command line tools and
> libraries that others can use to ingest this information easily. the third
> goal would be: not only is the code open source, but all data used in the
> application is available itself, so this could easily be used to run a
> personal node of this information for an organization, scylla.sh is simply
> my instance that I expose to the Internet at large for those that don't
> want to run a "full node". If that is more palatable to the ASF I'm glad to
> make that the focus. In other words: I'm not married to any model here.
> 
> I knew coming in that it's a bit unconventional for Apache, but, I think,
> it is a unique and powerful project that would increase engagement from the
> infosec community in which I personally, as well as my R&D company have
> some good visibility from. In other words, just testing the waters to see
> how this is received by ASF :).
> 
> Alex
> 
> 
> On Tue, Jul 2, 2019 at 3:44 PM Matt Sicker <bo...@gmail.com> wrote:
> 
>> I'm a little unclear about the scope of the project here. This project
>> looks more like a service, and I don't know of any ASF projects that
>> exist to provide services outside the ASF.
>> 
>> On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres
>> <ac...@hyperiongray.com> wrote:
>>> 
>>> Hey Folks,
>>> 
>>> I'm interested in submitting a project as a seedling and am looking
>> exactly
>>> where to start. The project is already off the ground, being used by
>> many,
>>> is stable, reasonably mature (it's in alpha release), open source, and
>>> already Apache licensed. I've been looking at a lot of resources to how
>>> best to submit this to Apache and from what I understand I need to:
>>> 
>>> Find a "champion/mentor" for the project and a "sponsor" -> submit an
>>> incubator application -> wait (or do i submit for a vote on general@?)
>> ->
>>> ... -> profit :)
>>> 
>>> For a bit more context, my project is http://scylla.sh or
>>> https://github.com/acaceres2176/scylla. This project aggregates and
>> makes
>>> searchable database leaks and other information security data that is
>> easy
>>> for attackers to find (they have blackhat and underground resources) but
>>> difficult for security professionals trying to defend their network (they
>>> cannot buy stolen data, are not plugged into the blackhat hacker
>> community,
>>> and frankly generally don't know "where to start"). The Scylla engine
>> aims
>>> to even the playing field by making this data available and completely
>> free
>>> for everyone. The feed is meant to power threat intelligence engines to
>> aid
>>> in the defense of both large corporate networks, but also be accessible
>> to
>>> an average user who wants to check what information of theirs has been
>>> leaked. It's a passion project of mine and have been working on it for
>>> several months already. We have several terabytes of data and good
>>> attention from the infosec community.
>>> 
>>> Anyway, sorry for the brain dump above, but I suppose I should mainly
>> ask -
>>> where do I go from here? Do I simply ask this mailing list if there is a
>>> sponsor and champion willing to bring this in as a podling?
>>> 
>>> Thanks!
>>> Alex
>>> 
>>> 
>>> 
>>> --
>>> ___
>>> 
>>> Alejandro Caceres
>>> Hyperion Gray, LLC
>>> Owner/CTO
>> 
>> 
>> 
>> --
>> Matt Sicker <bo...@gmail.com>
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>> 
>> 
> 
> -- 
> ___
> 
> Alejandro Caceres
> Hyperion Gray, LLC
> Owner/CTO


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org

Re: New Project?

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> Thanks for the response. You are sort of correct, I would say the end goal
> is a service

We do have a couple of project along those lines eg. pony mail and kibble,, so that may not be an issue.

Is there an existing code base and a community using it?

Thanks,
Justin

Re: New Project?

[Dave Fisher <da...@comcast.net>]

Hi -

To me you have two parts. One fits Apache and the other would need to be outside.

(1) Open Source Software which is the library, service and CLI tools. This is something that an Apache Community could grow around and be governed in the Apache Way. This part can be incubated.

(2) Open Data. Justin refers to Kibble and Pony Mail which are incubating projects around consuming Apache Community data mostly. I would point out that you could host the data portion of your community elsewhere by some community members or others outside of Apache PMCs. Here is a real example. Apache Tika, PDFBox and POI PMCs all share a set of regression test documents (https://openpreservation.org/blog/2016/10/04/apache-tikas-regression-corpus-tika-1302/) and a community member Dominik Stadler (https://github.com/centic9/CommonCrawlDocumentDownload) that are retrieved from Common Crawl (http://commoncrawl.org) which uses the AWS Public Dataset Program (https://aws.amazon.com/opendata/public-datasets/)

Regards,
Dave

> On Jul 2, 2019, at 1:59 PM, Alejandro Caceres <ac...@hyperiongray.com> wrote:
> 
> Hi Matt,
> 
> Thanks for the response. You are sort of correct, I would say the end goal
> is a service - an open source engine that is able to grab and ingest this
> highly unstructured security information and turn it into something useful
> - then provide that back to the user in a few different forms. One would be
> a web services API for general use exposed to the Internet (a service, like
> you said), and another would be a series of command line tools and
> libraries that others can use to ingest this information easily. the third
> goal would be: not only is the code open source, but all data used in the
> application is available itself, so this could easily be used to run a
> personal node of this information for an organization, scylla.sh is simply
> my instance that I expose to the Internet at large for those that don't
> want to run a "full node". If that is more palatable to the ASF I'm glad to
> make that the focus. In other words: I'm not married to any model here.
> 
> I knew coming in that it's a bit unconventional for Apache, but, I think,
> it is a unique and powerful project that would increase engagement from the
> infosec community in which I personally, as well as my R&D company have
> some good visibility from. In other words, just testing the waters to see
> how this is received by ASF :).
> 
> Alex
> 
> 
> On Tue, Jul 2, 2019 at 3:44 PM Matt Sicker <bo...@gmail.com> wrote:
> 
>> I'm a little unclear about the scope of the project here. This project
>> looks more like a service, and I don't know of any ASF projects that
>> exist to provide services outside the ASF.
>> 
>> On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres
>> <ac...@hyperiongray.com> wrote:
>>> 
>>> Hey Folks,
>>> 
>>> I'm interested in submitting a project as a seedling and am looking
>> exactly
>>> where to start. The project is already off the ground, being used by
>> many,
>>> is stable, reasonably mature (it's in alpha release), open source, and
>>> already Apache licensed. I've been looking at a lot of resources to how
>>> best to submit this to Apache and from what I understand I need to:
>>> 
>>> Find a "champion/mentor" for the project and a "sponsor" -> submit an
>>> incubator application -> wait (or do i submit for a vote on general@?)
>> ->
>>> ... -> profit :)
>>> 
>>> For a bit more context, my project is http://scylla.sh or
>>> https://github.com/acaceres2176/scylla. This project aggregates and
>> makes
>>> searchable database leaks and other information security data that is
>> easy
>>> for attackers to find (they have blackhat and underground resources) but
>>> difficult for security professionals trying to defend their network (they
>>> cannot buy stolen data, are not plugged into the blackhat hacker
>> community,
>>> and frankly generally don't know "where to start"). The Scylla engine
>> aims
>>> to even the playing field by making this data available and completely
>> free
>>> for everyone. The feed is meant to power threat intelligence engines to
>> aid
>>> in the defense of both large corporate networks, but also be accessible
>> to
>>> an average user who wants to check what information of theirs has been
>>> leaked. It's a passion project of mine and have been working on it for
>>> several months already. We have several terabytes of data and good
>>> attention from the infosec community.
>>> 
>>> Anyway, sorry for the brain dump above, but I suppose I should mainly
>> ask -
>>> where do I go from here? Do I simply ask this mailing list if there is a
>>> sponsor and champion willing to bring this in as a podling?
>>> 
>>> Thanks!
>>> Alex
>>> 
>>> 
>>> 
>>> --
>>> ___
>>> 
>>> Alejandro Caceres
>>> Hyperion Gray, LLC
>>> Owner/CTO
>> 
>> 
>> 
>> --
>> Matt Sicker <bo...@gmail.com>
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>> 
>> 
> 
> -- 
> ___
> 
> Alejandro Caceres
> Hyperion Gray, LLC
> Owner/CTO


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org

Re: New Project?

[Alejandro Caceres <ac...@hyperiongray.com>]

Hi Matt,

Thanks for the response. You are sort of correct, I would say the end goal
is a service - an open source engine that is able to grab and ingest this
highly unstructured security information and turn it into something useful
- then provide that back to the user in a few different forms. One would be
a web services API for general use exposed to the Internet (a service, like
you said), and another would be a series of command line tools and
libraries that others can use to ingest this information easily. the third
goal would be: not only is the code open source, but all data used in the
application is available itself, so this could easily be used to run a
personal node of this information for an organization, scylla.sh is simply
my instance that I expose to the Internet at large for those that don't
want to run a "full node". If that is more palatable to the ASF I'm glad to
make that the focus. In other words: I'm not married to any model here.

I knew coming in that it's a bit unconventional for Apache, but, I think,
it is a unique and powerful project that would increase engagement from the
infosec community in which I personally, as well as my R&D company have
some good visibility from. In other words, just testing the waters to see
how this is received by ASF :).

Alex


On Tue, Jul 2, 2019 at 3:44 PM Matt Sicker <bo...@gmail.com> wrote:

> I'm a little unclear about the scope of the project here. This project
> looks more like a service, and I don't know of any ASF projects that
> exist to provide services outside the ASF.
>
> On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres
> <ac...@hyperiongray.com> wrote:
> >
> > Hey Folks,
> >
> > I'm interested in submitting a project as a seedling and am looking
> exactly
> > where to start. The project is already off the ground, being used by
> many,
> > is stable, reasonably mature (it's in alpha release), open source, and
> > already Apache licensed. I've been looking at a lot of resources to how
> > best to submit this to Apache and from what I understand I need to:
> >
> > Find a "champion/mentor" for the project and a "sponsor" -> submit an
> > incubator application -> wait (or do i submit for a vote on general@?)
> ->
> > ... -> profit :)
> >
> > For a bit more context, my project is http://scylla.sh or
> > https://github.com/acaceres2176/scylla. This project aggregates and
> makes
> > searchable database leaks and other information security data that is
> easy
> > for attackers to find (they have blackhat and underground resources) but
> > difficult for security professionals trying to defend their network (they
> > cannot buy stolen data, are not plugged into the blackhat hacker
> community,
> > and frankly generally don't know "where to start"). The Scylla engine
> aims
> > to even the playing field by making this data available and completely
> free
> > for everyone. The feed is meant to power threat intelligence engines to
> aid
> > in the defense of both large corporate networks, but also be accessible
> to
> > an average user who wants to check what information of theirs has been
> > leaked. It's a passion project of mine and have been working on it for
> > several months already. We have several terabytes of data and good
> > attention from the infosec community.
> >
> > Anyway, sorry for the brain dump above, but I suppose I should mainly
> ask -
> > where do I go from here? Do I simply ask this mailing list if there is a
> > sponsor and champion willing to bring this in as a podling?
> >
> > Thanks!
> > Alex
> >
> >
> >
> > --
> > ___
> >
> > Alejandro Caceres
> > Hyperion Gray, LLC
> > Owner/CTO
>
>
>
> --
> Matt Sicker <bo...@gmail.com>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>

-- 
___

Alejandro Caceres
Hyperion Gray, LLC
Owner/CTO

Re: New Project?

[Alejandro Caceres <ac...@hyperiongray.com>]

Hi Matt,

Thanks for the response. You are sort of correct, I would say the end goal
is a service - an open source engine that is able to grab and ingest this
highly unstructured security information and turn it into something useful
- then provide that back to the user in a few different forms. One would be
a web services API for general use exposed to the Internet (a service, like
you said), and another would be a series of command line tools and
libraries that others can use to ingest this information easily. the third
goal would be: not only is the code open source, but all data used in the
application is available itself, so this could easily be used to run a
personal node of this information for an organization, scylla.sh is simply
my instance that I expose to the Internet at large for those that don't
want to run a "full node". If that is more palatable to the ASF I'm glad to
make that the focus. In other words: I'm not married to any model here.

I knew coming in that it's a bit unconventional for Apache, but, I think,
it is a unique and powerful project that would increase engagement from the
infosec community in which I personally, as well as my R&D company have
some good visibility from. In other words, just testing the waters to see
how this is received by ASF :).

Alex


On Tue, Jul 2, 2019 at 3:44 PM Matt Sicker <bo...@gmail.com> wrote:

> I'm a little unclear about the scope of the project here. This project
> looks more like a service, and I don't know of any ASF projects that
> exist to provide services outside the ASF.
>
> On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres
> <ac...@hyperiongray.com> wrote:
> >
> > Hey Folks,
> >
> > I'm interested in submitting a project as a seedling and am looking
> exactly
> > where to start. The project is already off the ground, being used by
> many,
> > is stable, reasonably mature (it's in alpha release), open source, and
> > already Apache licensed. I've been looking at a lot of resources to how
> > best to submit this to Apache and from what I understand I need to:
> >
> > Find a "champion/mentor" for the project and a "sponsor" -> submit an
> > incubator application -> wait (or do i submit for a vote on general@?)
> ->
> > ... -> profit :)
> >
> > For a bit more context, my project is http://scylla.sh or
> > https://github.com/acaceres2176/scylla. This project aggregates and
> makes
> > searchable database leaks and other information security data that is
> easy
> > for attackers to find (they have blackhat and underground resources) but
> > difficult for security professionals trying to defend their network (they
> > cannot buy stolen data, are not plugged into the blackhat hacker
> community,
> > and frankly generally don't know "where to start"). The Scylla engine
> aims
> > to even the playing field by making this data available and completely
> free
> > for everyone. The feed is meant to power threat intelligence engines to
> aid
> > in the defense of both large corporate networks, but also be accessible
> to
> > an average user who wants to check what information of theirs has been
> > leaked. It's a passion project of mine and have been working on it for
> > several months already. We have several terabytes of data and good
> > attention from the infosec community.
> >
> > Anyway, sorry for the brain dump above, but I suppose I should mainly
> ask -
> > where do I go from here? Do I simply ask this mailing list if there is a
> > sponsor and champion willing to bring this in as a podling?
> >
> > Thanks!
> > Alex
> >
> >
> >
> > --
> > ___
> >
> > Alejandro Caceres
> > Hyperion Gray, LLC
> > Owner/CTO
>
>
>
> --
> Matt Sicker <bo...@gmail.com>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>

-- 
___

Alejandro Caceres
Hyperion Gray, LLC
Owner/CTO

Re: New Project?

[Matt Sicker <bo...@gmail.com>]

I'm a little unclear about the scope of the project here. This project
looks more like a service, and I don't know of any ASF projects that
exist to provide services outside the ASF.

On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres
<ac...@hyperiongray.com> wrote:
>
> Hey Folks,
>
> I'm interested in submitting a project as a seedling and am looking exactly
> where to start. The project is already off the ground, being used by many,
> is stable, reasonably mature (it's in alpha release), open source, and
> already Apache licensed. I've been looking at a lot of resources to how
> best to submit this to Apache and from what I understand I need to:
>
> Find a "champion/mentor" for the project and a "sponsor" -> submit an
> incubator application -> wait (or do i submit for a vote on general@?)  ->
> ... -> profit :)
>
> For a bit more context, my project is http://scylla.sh or
> https://github.com/acaceres2176/scylla. This project aggregates and makes
> searchable database leaks and other information security data that is easy
> for attackers to find (they have blackhat and underground resources) but
> difficult for security professionals trying to defend their network (they
> cannot buy stolen data, are not plugged into the blackhat hacker community,
> and frankly generally don't know "where to start"). The Scylla engine aims
> to even the playing field by making this data available and completely free
> for everyone. The feed is meant to power threat intelligence engines to aid
> in the defense of both large corporate networks, but also be accessible to
> an average user who wants to check what information of theirs has been
> leaked. It's a passion project of mine and have been working on it for
> several months already. We have several terabytes of data and good
> attention from the infosec community.
>
> Anyway, sorry for the brain dump above, but I suppose I should mainly ask -
> where do I go from here? Do I simply ask this mailing list if there is a
> sponsor and champion willing to bring this in as a podling?
>
> Thanks!
> Alex
>
>
>
> --
> ___
>
> Alejandro Caceres
> Hyperion Gray, LLC
> Owner/CTO



-- 
Matt Sicker <bo...@gmail.com>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org

Re: New Project?

[Matt Sicker <bo...@gmail.com>]

I'm a little unclear about the scope of the project here. This project
looks more like a service, and I don't know of any ASF projects that
exist to provide services outside the ASF.

On Tue, 2 Jul 2019 at 14:28, Alejandro Caceres
<ac...@hyperiongray.com> wrote:
>
> Hey Folks,
>
> I'm interested in submitting a project as a seedling and am looking exactly
> where to start. The project is already off the ground, being used by many,
> is stable, reasonably mature (it's in alpha release), open source, and
> already Apache licensed. I've been looking at a lot of resources to how
> best to submit this to Apache and from what I understand I need to:
>
> Find a "champion/mentor" for the project and a "sponsor" -> submit an
> incubator application -> wait (or do i submit for a vote on general@?)  ->
> ... -> profit :)
>
> For a bit more context, my project is http://scylla.sh or
> https://github.com/acaceres2176/scylla. This project aggregates and makes
> searchable database leaks and other information security data that is easy
> for attackers to find (they have blackhat and underground resources) but
> difficult for security professionals trying to defend their network (they
> cannot buy stolen data, are not plugged into the blackhat hacker community,
> and frankly generally don't know "where to start"). The Scylla engine aims
> to even the playing field by making this data available and completely free
> for everyone. The feed is meant to power threat intelligence engines to aid
> in the defense of both large corporate networks, but also be accessible to
> an average user who wants to check what information of theirs has been
> leaked. It's a passion project of mine and have been working on it for
> several months already. We have several terabytes of data and good
> attention from the infosec community.
>
> Anyway, sorry for the brain dump above, but I suppose I should mainly ask -
> where do I go from here? Do I simply ask this mailing list if there is a
> sponsor and champion willing to bring this in as a podling?
>
> Thanks!
> Alex
>
>
>
> --
> ___
>
> Alejandro Caceres
> Hyperion Gray, LLC
> Owner/CTO



-- 
Matt Sicker <bo...@gmail.com>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org

Re: New Project?

[Bertrand Delacretaz <bd...@codeconsult.ch>]

Hi,

On Tue, Jul 2, 2019 at 9:28 PM Alejandro Caceres
<ac...@hyperiongray.com> wrote:
> ...I've been looking at a lot of resources to how
> best to submit this to Apache...

Note that http://incubator.apache.org/cookbook/ might have useful
information as well.

-Bertrand

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org