CIRCL - Request for Proposals for Software Services and Engineering (2023-06)

CIRCL - Request for Proposals for Software Services and Engineering (2023-06)

The scope of the RfP is the supply and delivery of Software Services and Engineering to CIRCL within a scope of internal software. The candidate supplier must submit an offer for a single package. The candidate supplier can select the package for which he wishes to bid. The RfP fall into the category of “MARCHÉS PUBLICS DE FAIBLE ENVERGURE”.

Package 01 - Lookyloo, Pandora development and maintenance

  • Pandora framework is an open source project and an analysis framework to discover if a file is suspicious and conveniently show the results;
  • Lookyloo is an open source project composed of web interface and back-end which allows users to capture a website page and then display a tree of domains that call each other;
  • Lacus is an open source project for crawling;
  • The supplier must handle the development of PyMISP and related toolsets in close collaboration with CIRCL team;
  • PyMISP and integration with existing and upcoming CIRCL tools;
  • The supplier must handle the development of the Lookyloo project, Pandora framework, Lacus and related toolsets used for analysis in close collaboration with CIRCL team;
  • The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
  • The supplier must maintain the code including the review and merge of pull-requests from third parties;
  • The supplier must evaluate and contribute to the evolution of the Lookyloo project and Pandora with CIRCL;
  • The supplier must maintain the associated documentation to keep it in-line with the Lookyloo services and Pandora online services;
  • The community management of the Lookyloo project and pandora framework will be handle by the supplier along with CIRCL;
  • The supplier will work with CIRCL to test and maintain production systems accessible to users;
  • The supplier will work with CIRCL to integrate with the incident process and toolset at CIRCL including urlabuse;
  • The supplier must be inline with open source development methodologies defined by CIRCL and the Lookyloo community or Pandora;

Package 02 - vulnerability-lookup project improvement and NIS2 CVD support

  • The supplier must handle the development of the vulnerability-lookup project in close collaboration with CIRCL team;
  • The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
  • The supplier must maintain the code including the review and merge of pull-requests from third parties;
  • The supplier must maintain the associated documentation to keep it in-line with the vulnerability-lookup project;
  • The community management of the vulnerability-lookup framework will be handle by the supplier along with CIRCL;
  • The supplier will work with CIRCL to test and maintain production systems accessible to users;
  • The supplier must be inline with open source development methodologies defined by CIRCL and the cve-search community;
  • Updated Specification available at the following location;

Bid submission

The offers are to be submitted to info@circl.lu before the 31st 2023 12:00 CEST in ASCII or PDF format. The offer proposal must be separated per package. A bidder can submit for one or more packages. The offer must be in EURO. The offer must at least include a description of the package proposed, technical details and clearly mention Proposal for Software Services and Engineering (2023-06).

Selection criteria

  • (1) Compliance with specifications;
  • (2) Pricing;
  • (3) Past performance of the bider concerning technical capabilities and experience with the listed tools;
  • (4) Understanding of Open Source methodologies including collaboration and community management;
  • (5) Compliance with existing open source licensing;

Delivery location

The offers must include the delivery to the following addresses located in Luxembourg:

CIRCL - Computer Incident Response Center Luxembourg
c/o "Luxembourg House of Cybersecurity" g.i.e.
122, rue Adolphe Fischer
L-1521 Luxembourg
Grand-Duchy of Luxembourg

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.0 December 15th 2023 - Initial version TLP:CLEAR.