CIRCL - Request for Proposals for Software Services and Engineering (2022-02)

CIRCL - Request for Proposals for Software Services and Engineering (2022-02)

The scope of the RfP is the supply and delivery of Software Services and Engineering to CIRCL within a scope of internal software. The candidate supplier must submit an offer for a single package. The candidate supplier can select the package for which he wishes to bid. The RfP fall into the category of “MARCHÉS PUBLICS DE FAIBLE ENVERGURE”.

Package 01 - Lookyloo and Pandora development and maintenance

  • Pandora framework is an open source project and an analysis framework to discover if a file is suspicious and conveniently show the results;
  • Lookyloo is an open source project composed of web interface and back-end which allows users to capture a website page and then display a tree of domains that call each other;
  • The supplier must handle the development of the Lookyloo project, Pandora framework and related toolsets used for analysis in close collaboration with CIRCL team;
  • The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
  • The supplier must maintain the code including the review and merge of pull-requests from third parties;
  • The supplier must evaluate and contribute to the evolution of the Lookyloo project and Pandora with CIRCL;
  • The supplier must maintain the associated documentation to keep it in-line with the Lookyloo services and Pandora online services;
  • The community management of the Lookyloo project and pandora framework will be handle by the supplier along with CIRCL;
  • The supplier will work with CIRCL to test and maintain production systems accessible to users;
  • The supplier will work with CIRCL to integrate with the incident process and toolset at CIRCL including urlabuse;
  • The supplier must be inline with open source development methodologies defined by CIRCL and the Lookyloo community or Pandora;

Package 02 - vulnerability-lookup project (rewrite of the fast lookup cve-search services)

  • The supplier must handle the development of the vulnerability-lookup project in close collaboration with CIRCL team;
  • The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
  • The supplier must maintain the code including the review and merge of pull-requests from third parties;
  • The supplier must maintain the associated documentation to keep it in-line with the vulnerability-lookup project;
  • The community management of the vulnerability-lookup framework will be handle by the supplier along with CIRCL;
  • The supplier will work with CIRCL to test and maintain production systems accessible to users;
  • The supplier must be inline with open source development methodologies defined by CIRCL and the cve-search community;
  • Specification available at the following location;

Package 03 - CTI integration with CIRCL toolsets

  • The supplier must handle the development of PyMISP and related toolsets in close collaboration with CIRCL team;
  • The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
  • The supplier must maintain the code including the review and merge of pull-requests from third parties;
  • The supplier must evaluate and contribute to the evolution of PyMISP with CIRCL;
  • The supplier must maintain the associated documentation to keep it in-line with PyMISP;
  • The community management of the PyMISP repository will be handle by the supplier along with CIRCL;
  • The supplier must be inline with open source development methodologies defined by CIRCL and the MISP Project community;

Package 04 - MISP Playbook from a SOC use-case perspective

  • The supplier will provide a set of playbooks agreed with CIRCL and commonly used by SOC team;
  • A playbook set is composed of a documentation in Markdown format, sample code and associated API queries. Additional supportive notebook like Jupyter notebook can be also provided if required;
  • The use-case are common use-cases encountered by SOC team to detect, react and analyse specific intelligence received by MISP;
  • The supplier must be inline with open source development methodologies defined by CIRCL and the MISP Project community;

Bid submission

The offers are to be submitted to info@circl.lu before the 15th December 2022 12:00 CEST in ASCII or PDF format. The offer proposal must be separated per package. A bidder can submit for one or more packages. The offer must be in EURO. The offer must at least include a description of the package proposed, technical details and clearly mention Proposal for Software Services and Engineering (2022-02).

Selection criteria

  • (1) Compliance with specifications;
  • (2) Pricing;
  • (3) Past performance of the bider concerning technical capabilities and experience with the listed tools;
  • (4) Understanding of Open Source methodologies including collaboration and community management;
  • (5) Compliance with existing open source licensing;

Delivery location

The offers must include the delivery to the following addresses located in Luxembourg:

CIRCL - Computer Incident Response Center Luxembourg
c/o "security made in Lëtzebuerg" g.i.e.
122, rue Adolphe Fischer
L-1521 Luxembourg
Grand-Duchy of Luxembourg

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.0 November 19th, 2022 Initial version TLP:WHITE.