CIRCL - Request for Proposals for Software Services and Engineering (2022-02)
The scope of the RfP is the supply and delivery of Software Services and Engineering to CIRCL within a scope of internal software. The candidate supplier must submit an offer for a single package. The candidate supplier can select the package for which he wishes to bid. The RfP fall into the category of “MARCHÉS PUBLICS DE FAIBLE ENVERGURE”.
Package 01 - Lookyloo and Pandora development and maintenance
- Pandora framework is an open source project and an analysis framework to discover if a file is suspicious and conveniently show the results;
- Lookyloo is an open source project composed of web interface and back-end which allows users to capture a website page and then display a tree of domains that call each other;
- The supplier must handle the development of the Lookyloo project, Pandora framework and related toolsets used for analysis in close collaboration with CIRCL team;
- The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
- The supplier must maintain the code including the review and merge of pull-requests from third parties;
- The supplier must evaluate and contribute to the evolution of the Lookyloo project and Pandora with CIRCL;
- The supplier must maintain the associated documentation to keep it in-line with the Lookyloo services and Pandora online services;
- The community management of the Lookyloo project and pandora framework will be handle by the supplier along with CIRCL;
- The supplier will work with CIRCL to test and maintain production systems accessible to users;
- The supplier will work with CIRCL to integrate with the incident process and toolset at CIRCL including urlabuse;
- The supplier must be inline with open source development methodologies defined by CIRCL and the Lookyloo community or Pandora;
Package 02 - vulnerability-lookup project (rewrite of the fast lookup cve-search services)
- The supplier must handle the development of the vulnerability-lookup project in close collaboration with CIRCL team;
- The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
- The supplier must maintain the code including the review and merge of pull-requests from third parties;
- The supplier must maintain the associated documentation to keep it in-line with the vulnerability-lookup project;
- The community management of the vulnerability-lookup framework will be handle by the supplier along with CIRCL;
- The supplier will work with CIRCL to test and maintain production systems accessible to users;
- The supplier must be inline with open source development methodologies defined by CIRCL and the cve-search community;
- Specification available at the following location;
Package 03 - CTI integration with CIRCL toolsets
- The supplier must handle the development of PyMISP and related toolsets in close collaboration with CIRCL team;
- The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
- The supplier must maintain the code including the review and merge of pull-requests from third parties;
- The supplier must evaluate and contribute to the evolution of PyMISP with CIRCL;
- The supplier must maintain the associated documentation to keep it in-line with PyMISP;
- The community management of the PyMISP repository will be handle by the supplier along with CIRCL;
- The supplier must be inline with open source development methodologies defined by CIRCL and the MISP Project community;
Package 04 - MISP Playbook from a SOC use-case perspective
- The supplier will provide a set of playbooks agreed with CIRCL and commonly used by SOC team;
- A playbook set is composed of a documentation in Markdown format, sample code and associated API queries. Additional supportive notebook like Jupyter notebook can be also provided if required;
- The use-case are common use-cases encountered by SOC team to detect, react and analyse specific intelligence received by MISP;
- The supplier must be inline with open source development methodologies defined by CIRCL and the MISP Project community;
Bid submission
The offers are to be submitted to info@circl.lu before the 15th December 2022 12:00 CEST in ASCII or PDF format. The offer proposal must be separated per package. A bidder can submit for one or more packages. The offer must be in EURO. The offer must at least include a description of the package proposed, technical details and clearly mention Proposal for Software Services and Engineering (2022-02).
Selection criteria
- (1) Compliance with specifications;
- (2) Pricing;
- (3) Past performance of the bider concerning technical capabilities and experience with the listed tools;
- (4) Understanding of Open Source methodologies including collaboration and community management;
- (5) Compliance with existing open source licensing;
Delivery location
The offers must include the delivery to the following addresses located in Luxembourg:
CIRCL - Computer Incident Response Center Luxembourg
c/o "security made in Lëtzebuerg" g.i.e.
122, rue Adolphe Fischer
L-1521 Luxembourg
Grand-Duchy of Luxembourg
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.
Revision
- Version 1.0 November 19th, 2022 Initial version TLP:WHITE.