[Owasp-leaders] OWASP Mobile Top 10 - potential conflict of interest in M10

Andre Gironda andreg at gmail.com
Tue Nov 4 20:03:31 UTC 2014


On Nov 4, 2014 10:53 AM, "Jonathan Carter" <jonathan.carter at owasp.org>
wrote:
>
> Things have changed significantly over the past few years within mobile.
> There are now a number of new design factors that force organizations to
> store, transmit, or process things that are extremely sensitive within
> mobile apps now. In more and more situations, sensitive code must exist
> within the mobile code. Here are some examples (off the top of my head)
> where sensitive code must exist on the mobile device: offline availability
> requirements, HCE, IoT interfaces, mobile banking, medical device
> interfaces, etc.

These can also be implemented using FOSS trusted environments, such as
Open-TEE.

My suggestion would be to move the M10 language towards trusted execution
environments.

dre