As a mentor of OWASP OWTF (one of the OWASP Flagship projects), I am often asked for advice to put together a great GSoC proposal. How to write a winning proposal, one that will have maximum chances of acceptance. In this blog post I will share a number of tips including examples from Mohit Sharma, who has prepared an extraordinary proposal for OWASP OWTF this year, which will serve future GSoC aspirants and business-people and I am proud of him, he’s done a remarkable job.
I would like to take this opportunity to say that: We are thrilled to announce that Mohit has been accepted to work on OWASP OWTF for GSoC 2019 and he is already rocking hard on this project, Welcome Mohit! 🙂
His proposal valiantly demonstrates and highlights the key features required to put together a winning proposal. With a plausible timeline and convincing schedule, adequate length and sophisticated framework, immense tenacity and perseverance, preceding involvement and prior experience towards the project, he did achieve an invaluable and resolute Google Summer of Code proposal.
Important Steps to Write a Winning Proposal:
Some of the key factors you should keep in mind while composing a winning proposal are:
Tip #1: The Power of Focus
In 1519 AD, during the Spanish conquest of Mexico. Hernán Cortés, the Spanish commander scuttled his ships so that his men would have to conquer or die. This resulted in one of the most impressive conquests in history where an entire empire was defeated by only 500 men, 13 horses, a few canons and no prior experience leading men in combat (!).
Similarly, to create an extraordinary proposal, you must eliminate distractions and focus with all your heart and soul on the task at hand. All the amazing things one will ever achieve are based upon this mantra itself. Focusing on your goals is a healthy obsession. Converting this into habitual exercise makes an individual powerful enough to shock themselves. Temporarily “burn your ships”: Cut out social media, parties with friends and other distractions to be the best that you can be while writing your proposal.
“No guts, no glory!” goes the saying. The effort needed to generate rewards is directly proportional to taking certain risks.
For more techniques to improve your motivation and focus, please see my “Pentesting like a grandmaster” talk, which I gave at BSides London some time ago and perfectly applies to this.
Tip #2: Heilmeier’s Catechism
George H. Heilmeier came up with a set of questions that anyone proposing a research project or product development effort should be able to answer. These questions are also known as Heilmeier Catechism. Originally crafted for agencies and officials to help evaluate projects and proposals, these questions should also be at least indirectly answered in any great proposal:
- What are you trying to do? Articulate your objectives using absolutely no jargon.
- How is it done today, and what are the limits of current practice?
- What’s new in your approach and why do you think it will be successful?
- Who cares? If you’re successful, what difference will it make?
- What are the risks and the payoffs?
- How much will it cost?
- How long will it take?
- What are the midterm and final “exams” to check for success?
Some of the key points to be kept in mind while framing the proposal are also recommended through the Heilmeier Catechism. You can set your targets and frame the objectives, accordingly, clear your understanding of the target audience and their requirements, the merits and demerits of the proposal, and the limitations behind achieving the goals to decide on a suitable approach for implementing the proposal. In order to construct a great proposal, you need to take risks, dedicate your time, research effectively and keep in mind the costs. Do that and you’ll have something wonderful ready-to-go.
Tip #3: Clear your concept
Any project should start with a clear idea, if you cannot explain your project in a couple of sentences without jargon you are already in trouble. Ideas play a crucial role in the construction of a proposal. Ideas must clearly demonstrate what the proposal is striving towards or what the primary aim to be achieved is. Work on developing an idea that stands out. According to Heilmeier, anyone creating a proposal must begin with answering the potent question to oneself: “What are you trying to do? Articulate your objectives using absolutely no jargon.” Here is a screenshot from Mohit’s proposal which resonates with that:
Fig.: Simple Project Overview
Tip #4: Perform in-depth pre-implementation research
It is critical in any engineering (or software engineering) project, like all GSoC projects to perform in-depth pre-implementation research. The objective of pre-implementation research is to analyze how others have solved the problem you are now trying to solve. If there is anything in those projects that you could reuse, what challenges those projects had and how you are going to overcome those challenges. It is a critical part of the proposal; the “Shoulders of the Giants” from Isaac Newton’s famous quote: “If I could see further it was because I was standing in the shoulders of Giants”. Leverage previous work in your area to your advantage and use that as a trampoline to put your proposal above all others.
Fig.: Pre-implementation research excerpt from Mohit’s proposal
Other examples of pre-implementation research I have seen in other projects are:
- A thorough comparison of libraries to use (i.e. pros and cons of various projects that could be used to implement a new feature)
- Thorough testing of libraries to use (i.e. measure performance and other relevant features to the project)
Tip #5: Proof of Prior Project Involvement
Another critical aspect of GSoC or any proposal is to be involved with the project you are going to submit the proposal before the project starts. Ideally, you should have pull requests you can link to as proof of contribution, this makes you a pro-active candidate that took the time to understand and freely contribute to a given project prior to GSoC acceptance. The same is true in business or life: If you start by giving without expecting anything in exchange your reward tends to be much higher. Put yourself in the shoes of your reviewer: If you have 2 candidates and one has made substantial contributions while the other has not contributed anything, who would you take for the project?
In the case of Mohit, almost 2 entire pages of his proposal are links to pull requests:
Fig.: Proof of contribution prior to acceptance
Tip #6: Focus on both – Quality & Quantity
Quality alongside quantity is equally important in case of a proposal. It is a rather vague idea that only lengthy proposals, irrespective of their quality will be accepted. You need to dedicate similar effort and emphasis on quality as on quantity to establish a winning proposal. Focus on both!
Put on the reviewer’s hat: If you have a pile of 30+ proposals to review, you are looking for an excuse to stop reading, any major blunder may lead to the rejection of the proposal immediately, one of the reasons may be the length. Longer proposals require more effort than short ones. Generally speaking, (keeping aside the exceptions) proposals over 10 pages tend to reflect more effort and are believed of being worth of “having a closer look”, while “I wrote it in an hour” proposals under 4 pages are ranked very low by reviewers.
Tip #7: Support your proposal with pictures
One image is worth a thousand words, and with writing being a relatively new invention from the perspective of our lasting human evolution, most people are visual and welcome concepts conveyed through images.
Including pictures/graphs/screenshots is an easy and reliable way to determine that the proposal is easier to follow. Referential diagrams and graphs can be used to explain the content matter of the proposal. Factual representation through images makes the proposal seem lengthy (see tip above) and also presentation-friendly.
Fig.: Example visual element in Mohit’s proposal
Tip #8: Make the proposal easy to follow
Remember, a proposal will most likely be declined if the first few paragraphs fail to present a clear idea. A jargon-free and simple description is more than enough to present a transparent introduction. Similarly, the rest of the proposal should be easy to follow and make sense.
It is human nature to deflect blame to others, and some may feel like the reviewer should be smart enough to be able to follow your proposal. While there is some truth to that, if your proposal is hard to follow, your chances of acceptance will be lower because you are probably just not explaining things as clearly as you really could. And remember: Reviewers have a lot more proposals to read than your own, if you make it hard on them to follow your proposal chances are some just will stop reading and/or will rank you lower.
Tip #9: Set achievable goals
The project plan must be solid, believable with reasonable phases and an order of tasks that matches the goals. A contingent back-up with some previously implemented research should be kept in store with respect to the actual project plan. A short and unclear plan is likely to be discarded. Heilmeier’s proposed question that you should ask yourself at this point is: “How is it done today, and what are the limits of current practice?”
Fig.: Aim
Next week we will continue sharing more tips in “Lessons from Mohit Sharma For Business & GSoC [2/2]“, stay tuned 🙂
Follow Mohit on Twitter @ms892075
Learn more about OWTF https://www.owasp.org/index.php/OWASP_OWTF
