CIRCL - Request for Proposals for Software Services and Engineering (2023-06)

CIRCL - Request for Proposals for Software Services and Engineering (2023-06)

Back to CIRCL - Request for Proposals

  1. CIRCL - Request for Proposals for Software Services and Engineering (2023-06)
  2. Package 01 - Lookyloo, Pandora development and maintenance
  3. Package 02 - vulnerability-lookup project improvement and NIS2 CVD support
  4. Bid submission
  5. Selection criteria
  6. Delivery location
  7. Classification of this document
  8. Revision

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

Search


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member

CIRCL - Request for Proposals for Software Services and Engineering (2023-06)

The scope of the RfP is the supply and delivery of Software Services and Engineering to CIRCL within a scope of internal software. The candidate supplier must submit an offer for a single package. The candidate supplier can select the package for which he wishes to bid. The RfP fall into the category of “MARCHÉS PUBLICS DE FAIBLE ENVERGURE”.

Package 01 - Lookyloo, Pandora development and maintenance

  • Pandora framework is an open source project and an analysis framework to discover if a file is suspicious and conveniently show the results;
  • Lookyloo is an open source project composed of web interface and back-end which allows users to capture a website page and then display a tree of domains that call each other;
  • Lacus is an open source project for crawling;
  • The supplier must handle the development of PyMISP and related toolsets in close collaboration with CIRCL team;
  • PyMISP and integration with existing and upcoming CIRCL tools;
  • The supplier must handle the development of the Lookyloo project, Pandora framework, Lacus and related toolsets used for analysis in close collaboration with CIRCL team;
  • The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
  • The supplier must maintain the code including the review and merge of pull-requests from third parties;
  • The supplier must evaluate and contribute to the evolution of the Lookyloo project and Pandora with CIRCL;
  • The supplier must maintain the associated documentation to keep it in-line with the Lookyloo services and Pandora online services;
  • The community management of the Lookyloo project and pandora framework will be handle by the supplier along with CIRCL;
  • The supplier will work with CIRCL to test and maintain production systems accessible to users;
  • The supplier will work with CIRCL to integrate with the incident process and toolset at CIRCL including urlabuse;
  • The supplier must be inline with open source development methodologies defined by CIRCL and the Lookyloo community or Pandora;

Package 02 - vulnerability-lookup project improvement and NIS2 CVD support

  • The supplier must handle the development of the vulnerability-lookup project in close collaboration with CIRCL team;
  • The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
  • The supplier must maintain the code including the review and merge of pull-requests from third parties;
  • The supplier must maintain the associated documentation to keep it in-line with the vulnerability-lookup project;
  • The community management of the vulnerability-lookup framework will be handle by the supplier along with CIRCL;
  • The supplier will work with CIRCL to test and maintain production systems accessible to users;
  • The supplier must be inline with open source development methodologies defined by CIRCL and the cve-search community;
  • Updated Specification available at the following location;

Bid submission

The offers are to be submitted to info@circl.lu before the 31st 2023 12:00 CEST in ASCII or PDF format. The offer proposal must be separated per package. A bidder can submit for one or more packages. The offer must be in EURO. The offer must at least include a description of the package proposed, technical details and clearly mention Proposal for Software Services and Engineering (2023-06).

Selection criteria

  • (1) Compliance with specifications;
  • (2) Pricing;
  • (3) Past performance of the bider concerning technical capabilities and experience with the listed tools;
  • (4) Understanding of Open Source methodologies including collaboration and community management;
  • (5) Compliance with existing open source licensing;

Delivery location

The offers must include the delivery to the following addresses located in Luxembourg:

CIRCL - Computer Incident Response Center Luxembourg
c/o "Luxembourg House of Cybersecurity" g.i.e.
122, rue Adolphe Fischer
L-1521 Luxembourg
Grand-Duchy of Luxembourg

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.0 December 15th 2023 - Initial version TLP:CLEAR.