[Owasp-mobile-security-project] Summit Recap

Rajendra Umadas raj.umadas at gmail.com
Fri Feb 18 11:29:53 EST 2011


The fact that Nokia is adopting Windows Phone does not mean that everyone
with a Symbian device will just disappear. It will be a popular platform in
the wild for many years to come.

Raj

On Fri, Feb 18, 2011 at 11:27 AM, Jason Ross <algorythm at gmail.com> wrote:

> Aha! Thanks for that, I knew there had to be a good reason =)
>
> --
> jason
>
>
> On Fri, Feb 18, 2011 at 11:21 AM, Neaves, Tom
> <tom.neaves at uk.verizonbusiness.com> wrote:
> > Jason,
> >
> >
> http://www.wired.com/gadgetlab/2011/02/microsoft-and-nokia-team-up-to-build-windows-phones/
> >
> > Look at the smiles in that photo.
> >
> > Cheers,
> > Tom
> >
> > -----Original Message-----
> > From: owasp-mobile-security-project-bounces at lists.owasp.org [mailto:
> owasp-mobile-security-project-bounces at lists.owasp.org] On Behalf Of Jason
> Ross
> > Sent: 18 February 2011 16:17
> > To: Mike Zusman
> > Cc: owasp-mobile-security-project at lists.owasp.org
> > Subject: Re: [Owasp-mobile-security-project] Summit Recap
> >
> > Out of curiosity, why was Symbian determined to be low priority?
> > It's still the largest install base (globally), and isn't expected to
> fall to second place (behind Android) until 2014.
> >
> > Certainly a focus on Android etc. is better for me personally, because I
> can play with those most easily and thereby contribute here, but I wonder if
> it makes sense for an (ideally) global standard?
> >
> > --
> > jason
> >
> >
> >
> > On Fri, Feb 18, 2011 at 10:04 AM, Mike Zusman <
> mike.zusman at intrepidusgroup.com> wrote:
> >> Hi folks,
> >>
> >> Below is my recap of the summit. Let me know if I'm missing anything
> important, and feel free to challenge if there is any disagreement with what
> I've written below. I'll be sending this information over to Sarah later
> today to be included in the official summit documentation.
> >>
> >> Thanks to all who participated, and helped make the session a productive
> one.
> >>
> >> Cheers,
> >> Mike
> >>
> >>
> >>
> >> Mobile Working Session Summit Results
> >>
> >> Activities Performed at Summit:
> >>
> >> 1.      Dynamic Working Session - Duration: 90 minutes. Attendance: ~20
> >>
> >> Open discussion regarding the general mission of the OWASP Mobile
> project, and the methodology for creating an official OWASP Top 10 Risks
> List.
> >>
> >> Key outcomes:
> >> *       OWASP mobile needs to provide for policy makers at organizations, mobile application security testers, and mobile application developers
> >> *       The Top 10 list should be data driven and crowd sourced. Initiative is underway.
> >> *       ENISA/OWASP to work together on producing secure development guidelines
> >> *       Symbian is low priority. Priority platforms: iOS, Android, RIM, WinPhone7
> >>
> >> 2.      Official Working Session - Duration: 90 minutes (we went over a bit). Attendance: ~40
> >>
> >> Open discussion regarding the general mission and target audiences of
> the OWASP mobile project. Participants who represented companies other than
> consultancies and security product/service organizations were queried as to
> what their mobile application security shortcomings are, and what they would
> like to see come out of the project. In general, feedback matched closely to
> what was identified during the dynamic session: guidance for policy makers,
> testers, and developers.
> >>
> >> After this open discussion, the summit participants were split into 3
> groups. Each group was tasked with coming up with their own version of the
> OWASP Top 10 Mobile Risks list. The outcome of this exercise was two Top-10
> lists and one Top-17 list. Each small group had a representative present
> their list to the work group, and the finer points of some risks were
> discussed.
> >>
> >> The outcome of the group exercise has been compiled into a spreadsheet
> to be used by Jerry to survey penetration testing/application assessment
> companies in an effort to create a data driven/crowd sourced OWASP Top 10
> Mobile Risks list.
> >>
> >> Key outcomes:
> >> *       37 Mobile Risks identified and documented by summit participants
> >> *       General consensus on the mission, target audience, and key deliverables of Mobile Project
> >> *       Relationships established project participants
> >> *       Need to establish relationships with platform vendors, in order to express the need for security specific features & functionality
> >>
> >> Deliverables Identified Prior to Summit
> >>
> >> 1. Primary: Create core knowledge base on project wiki site
> >> Status: Achieved. Additional content added to wiki.
> >>
> >> 2. Recruit volunteers to contribute to project
> >> Status: Achieved. Specific volunteered initiatives include:
> >>        Giles Hogben (ENISA) - Giles will establish a relationship with
> >> OWASP to help produce ENISA/OWASP branded mobile platform specific
> >> secure development guidelines
> >>        Jerry Hoff - Volunteered to survey pen-testing companies on
> >> mobile app assessment data in order to create a data driven OWASP
> >> mobile Top 10
> >>
> >> 3. Establish relationships with key players (i.e. Apple/Google/etc)
> >> Status: fail
> >>
> >> 4. Create the OWASP Mobile Top 10
> >> Status: Partial Success. While an official Top 10 list was not ratified,
> much discussion was had, and an initiative is underway to create an official
> OWASP Mobile Top 10.
> >>
> >> 5. Community Outreach
> >> Status: Success. Numerous summit participants expressed an interest in
> contributing to the product. Moving beyond the summit, it is critical to
> maintain momentum and keep participants engaged in the project.
> >>
> >> 6. Formalized Road Map
> >> Status: Partial Success. While an official road map document is pending,
> there was consensus among summit participants on the key initiatives that
> OWASP mobile must undertake. These will help formulate the official road
> map, and include:
> >>        Produce the OWASP top 10 for mobile
> >>        Produce materials & methodologies useful for app assessment
> >>        Produce materials for app developers
> >>
> >>
> >> _______________________________________________
> >> Owasp-mobile-security-project mailing list
> >> Owasp-mobile-security-project at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-mobile-security-project
> >>