CIRCL - Request for Proposals for Software Services and Engineering (2024-04)
The scope of the RfP is the supply and delivery of Software Services and Engineering to CIRCL within a scope of internal software. The candidate supplier must submit an offer for a single package. The candidate supplier can select the package for which he wishes to bid. The RfP fall into the category of “MARCHÉS PUBLICS DE FAIBLE ENVERGURE”.
Package 01 - Improvement of take-down automation processes
- The supplier will review and maintain the take-down automation process tooling with CIRCL team;
- Complementary PyMISP integration with existing and upcoming CIRCL tools will be supported by the supplier;
- Integration with CIRCL case management tool such as FlowIntel and especially the Python library integration;
- The supplier must handle the development of the toolsets used for take-down automation in close collaboration with CIRCL team;
- The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
- The supplier must maintain the code including the review and merge of pull-requests from third parties;
- The supplier must evaluate and contribute to the evolution of the code developed with CIRCL;
- The supplier must maintain the associated documentation to keep it in-line with the take-down processes;
- The supplier will work with CIRCL to test and maintain production systems accessible to users;
- The supplier will work with CIRCL to integrate with the incident process and toolset at CIRCL including urlabuse and new take-down tooling;
- The supplier must be inline with open source development methodologies defined by CIRCL;
Package 02 - vulnerability-lookup project improvement and NIS2 CVD support
- The supplier must handle the development of the vulnerability-lookup project in close collaboration with CIRCL team;
- The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
- The supplier must maintain the code including the review and merge of pull-requests from third parties;
- The supplier must maintain the associated documentation to keep it in-line with the vulnerability-lookup project;
- The community management of the vulnerability-lookup framework will be handle by the supplier along with CIRCL;
- The supplier will work with CIRCL to test and maintain production systems accessible to users;
- The supplier must be inline with open source development methodologies defined by CIRCL and the cve-search community;
- Updated Specification available at the following location;
Bid submission
The offers are to be submitted to info@circl.lu before the 31st June 2024 12:00 CEST in ASCII or PDF format. The offer proposal must be separated per package. A bidder can submit for one or more packages. The offer must be in EURO. The offer must at least include a description of the package proposed, technical details and clearly mention Proposal for Software Services and Engineering (2024-04).
Selection criteria
- (1) Compliance with specifications;
- (2) Pricing;
- (3) Past performance of the bider concerning technical capabilities and experience with the listed tools;
- (4) Understanding of Open Source methodologies including collaboration and community management;
- (5) Compliance with existing open source licensing;
Delivery location
The offers must include the delivery to the following addresses located in Luxembourg or via remote services for software engineering services:
CIRCL - Computer Incident Response Center Luxembourg
c/o "Luxembourg House of Cybersecurity" g.i.e.
122, rue Adolphe Fischer
L-1521 Luxembourg
Grand-Duchy of Luxembourg
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.
Revision
- Version 1.0 June 15th 2024 - Initial version TLP:CLEAR.