[Owasp-leaders] Reaching developers = cooperative hackathons
jeff.williams at owasp.org
Sun Sep 12 00:53:30 EDT 2010
> Great point, the decision what to include or not will be the project itself. The decision that needs to be made right now whether OWASP want to fill this void.
> Mobile application\development\security is coming whether we want to or not, and mobile security is an issue and people are looking for guidance in this area. I believe that OWASP is best positioned to fill this void. Maybe the project would start as an amendment to the current Top 10 and depending on the findings, it can either fork out to be its own or it can remain as an amendment. Thoughts?
Let's start identifying the key issues and then figure how to package them so the most improve mobile security for the most users.
I strongly recommend thinking through the entire risk in the mobile context. The XSS discussion is illustrative. Can you truly articulate the risk to a mobile user of XSS? There are different threats and impacts here than the desktop web browser context.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders