[Owasp-leaders] Reaching developers = cooperative hackathons
sherif.koussa at gmail.com
Mon Sep 13 15:56:22 EDT 2010
Understood. I agree on the approach. Even if this resulted in just shuffling
around the list, it would still be worth while as it will give some guidance
for people trying to find somewhere to start from.
On Sun, Sep 12, 2010 at 12:53 AM, Jeff Williams <jeff.williams at owasp.org>wrote:
> Great point, the decision what to include or not will be the project
> itself. The decision that needs to be made right now whether OWASP want to
> fill this void.
> Mobile application\development\security is coming whether we want to or
> not, and mobile security is an issue and people are looking for guidance in
> this area. I believe that OWASP is best positioned to fill this void. Maybe
> the project would start as an amendment to the current Top 10 and depending
> on the findings, it can either fork out to be its own or it can remain as
> an amendment. Thoughts?
> Let's start identifying the key issues and then figure how to package them
> so the most improve mobile security for the most users.
> I strongly recommend thinking through the entire risk in the mobile
> context. The XSS discussion is illustrative. Can you truly articulate the
> risk to a mobile user of XSS? There are different threats and impacts here
> than the desktop web browser context.
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders