[Owasp-france] Fwd: [Owasp-leaders] 2013 Mobile Top 10 Call For Data

Sebastien Gioria sebastien.gioria at owasp.org
Tue May 21 06:14:26 UTC 2013

N hesitez pas !
---------- Message transféré ----------
De : "Jim Manico" <jim.manico at owasp.org>
Date : 21 mai 2013 08:07
Objet : [Owasp-leaders] 2013 Mobile Top 10 Call For Data
À : "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
Cc :

Hello All,

We are pleased to announce the 2013 call for data to help refresh the
Mobile Top 10 Risks for 2013 and publish a more formal publication. We are
encouraging everyone to get involved.

The current Mobile Top Ten Risks are located here:


- What do we need? -

Right now we are looking for data that represents the current state of
mobile application security. We are soliciting not just vulnerability data,
but also incident and attack data that reflects the real-world prevalence
and significance of these issues. The goal in requiring both is to rank
risks accordingly based on data as opposed to making assumptions. We will
use this data to flesh out and re-evaluate the currently incomplete Mobile
Top Ten Project.

- How can you contribute? -

Contributing data is easy. All we require is anonymized statistics on the
vulnerabilities you’ve seen in 2012-Present. If you have data on real-world
incidents and attacks to share, these will be of great value as well as
they will allow real-world impact to be better assessed. This can be just
aggregate percentages, no need to tell us how many apps you’re doing if
you’re not comfortable with that. Something like the below:

Issue: Something related to geolocation
Percentage Affected: X%
Number Affected: Y (only if you are comfortable with this)
Brief Description: This is a problem because xyz and also, bad things.

The data you submit does not necessarily have to reflect the current Top
10, it has to reflect what you are observing in the applications you
analyze. At the same time, we would certainly love feedback on what you
believe is correct or incorrect about the current list.

- What happens next? -

After a 60 day period we will review all submissions and re-draft the
Mobile Top Ten based on the prevalence and impact of data provided by
participants. After the submission period ends, there will be follow-on
discussions and work to analyze the data. Participation in this initiative
may require up to 10 hours of efforts per week, so please take this into
consideration before signing up.

- Spread the word. Make a difference! -

Also, any help spreading the word on the Mobile Security Project is
immensely helpful.  A Tweet/Facebook/Linkedin post, blog entry, etc. This
initiative will fail if people don't know about it.  Anyone that you can
promote this initiative to will help the cause.

We thank all of you in advance for your participation and hard work in
making this initiative a success. Your participation will be noted and
recorded when compiling the list of contributors for the final release of
the Mobile Top 10 Risks documentation.

- Get in touch and get involved. -

Please direct any questions or concerns to the Top 10 Refresh leaders,
Jason Haddix (jason.haddix at owasp.org), Jack Mannino (jack.mannino at owasp.org),
and Mike Zusman (mike.zusman at owasp.org).

We will be using a Google Group to collaborate on the Top 10 refresh:

The OWASP Mobile Security project’s mailing list is also another way to get
in touch with other contributors (
owasp-mobile-security-project at lists.owasp.org).

Thank you!

Jim Manico
OWASP Board Member and Volunteer

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-france/attachments/20130521/7857ca76/attachment.html>

More information about the Owasp-france mailing list