


OWASP Mobile Security Project call for volunteers

Jun 09, 2011
Data and Information Security

The OWASP (Open Web Application Security Project) Mobile Security Project wants your help to shape the OWASP Mobile Top 10 Risks.

I’m going to run the open letter from their website below. But first, a few words about OWASP:

OWASP is, as it says on its website, an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

The folks involved with this organization have helped me out on many stories, and everyone should appreciate the work they do.

–Bill Brenner



The OWASP Mobile Security Project is pleased to announce a call for participation to help shape the OWASP Mobile Top 10 Risks. This “Top 10” initiative is intended to help organizations determine how to best apply development and security resources to better protect their mobile applications and data.

In order to compile the most thorough and universally accepted guidance possible, we are reaching out to software developers, security consultants, and thought leaders from all industries to participate. This includes independent developers and consultants, startups, large consultancies, and large development companies. If you have an interest in mobile application security and the expertise to contribute, we invite you to get involved with this initiative. The OWASP organization is built on openness and transparency, and our vision is for this initiative to adhere to these very same high standards. Participation is open and highly encouraged for all.

We are breaking this initiative into three distinct phases. Each phase will build upon the previous phase’s achievements and outputs, helping to refine our data set as we progress. The phases are broken down as follows:

Phase I (6/2/2011 - 6/30/2011)

Survey to obtain recommendations for promotion, demotion, and removal within current risks

Suggestions for new candidates to consider for inclusion in the final Top 10 Risks

Survey can be found here: Mobile Top 10 Risks Survey

Phase II (7/7/2011 - 8/4/2011)

Compile all information from Phase I

Release new set of candidates for consideration

Rate and rank candidates using the official OWASP Risk Rating Methodology

Provide metrics and supporting information

Phase III (8/11/2011 - 9/8/2011)

Compute and compile Phase II information

Create Top 10 release candidate list

Release list to Phase I and II participants for feedback

Perform final revisions and solicit final feedback before official release

While participation is open to all, we will be enforcing one rule: participation in Phases II and III is dependent upon participation in all phases. We are pursuing aggressive time lines, and in order to promote an orderly and focused effort, the project’s leadership felt that this would be the best way to achieve it. Therefore, we ask that if you wish to be heavily involved in this initiative, that you plan accordingly based on the proposed time lines above.

We thank all of you in advance for your participation and hard work in making this initiative a success. Your participation will be noted and recorded when compiling the list of contributors for the final release of the Mobile Top 10 Risks documentation.

If you have questions regarding this initiative, please contact the project leaders listed on the main page. We also encourage you to join the mailing list and My OWASP groups in order to collaborate with other participants.


OWASP Mobile Security Project Leadership

If you want to volunteer your time and talents, you can contact one of the folks on this list.