The weeks of Intentinal Building: My GSoC Midterm with OWASP Foundation

Towards the Google Summer of Code midterm evaluation marks a quiet, reflective milestone in my journey with OWASP® Foundation and OWASP BLT. Over the past weeks, the daily rhythm of development has been about transforming a conceptual proposal into a living, working application. Moving from initial repository curiosity to managing a core project architecture has felt less like a sprint and more like a deliberate, step-by-step documentary of software crafting. 

vanish.owaspblt.org

The Blueprint: What I Set Out to Build

My proposal focused on evolving BLT-Vanish into a proactive personal cybersecurity ecosystem by developing the Universal AI Identity Shield. The core philosophy centers on an explainable, local-first risk scoring platform designed to protect personal data in real time.

The technical challenge lies in maintaining a strict data boundary. Sensitive user information stays entirely on the user's device inside a Flutter application, while Cloudflare Python Workers are restricted to processing non-sensitive threat intelligence metadata. Preserving absolute data sovereignty on cross-platform systems sounds seamless in planning, but building it out end-to-end requires deep architectural precision.

The Craft So Far: Where the Code Stands

The project began visually, building a design system in Figma for the BLT-Vanish web page and application interfaces to set a clean, minimal user experience. From there, the core components fell into place:

  • Data Contracts: Established versioned schemas for Security Alerts, Risk Assessments, and Remediation Actions to keep the client architecture and edge logic locked and compatible.
  • Local Processing: Utilized Flutter to run an on-device testing ecosystem where URL extraction, expansion, and heuristic risk scoring run successfully.

A Lesson in Pacing and Resilience

Engineering is a deeply human process, and development does not always follow a linear path. During the third week, an unexpected health issue forced a hard pause on my remote repository contributions.
While the public commit graph remained quiet, I utilized my recovery windows to work offline on my local machine, mapping out URL expansion mechanics and refining the internal risk-builder logic. That phase taught me a vital lesson: meaningful progress is not always measured by public green squares, but by the clarity you bring to the architecture when solving problems on localhost.

Shared Horizons: The Community Behind the Code

I am incredibly grateful to Donnie for cultivating a supportive open-source ecosystem that simultaneously mentors GSoC contributors, social internship students, and new community members alike.

I am equally thankful to my mentor Ramansh Saxena. His precise code reviews, feedback on contract stability, and structural guidance have significantly elevated the engineering quality of this project.

The Next Chapter

The second half of the summer shifts from building foundational frameworks to reactive systems and external intelligence integration.

Right now, my focus is on completing the remediation platform to translate vulnerability data into actionable task checklists with automated reminders. From there, the roadmap points toward integrating data breach lookups via the Have I Been Pwned API using a privacy-preserving k-anonymity framework, deploying login anomaly tracking rules on Cloudflare Workers, and running full regression passes to ensure production readiness.

The structural groundwork is solid, the boundaries are drawn, and I am excited to bring the remainder of this digital guardian to life. 

Comments

Popular posts from this blog

Hello World: My Roadmap to Google Summer of Code 2026

Accepted into GSoC 2026: From First PR to Official Selection

GSoC 2026 Weekly Update: Week 2 - Establishing Contracts & System Design