[Owasp-leaders] On binary mobile protection...

Jim Manico jim.manico at owasp.org
Sat Nov 8 06:03:07 UTC 2014


It looks like the mobile team (and
the ASVS team to some degree) are going to change M10 from "lack of binary
analysis" (which is not a risk) to "unauthorized code modification" which I
think is a move in the right direction. Now that the risk is more clearly
identified, I hope we can resume intelligent and respectful conversation
regarding how to mitigate it. Monitor app stores? Binary protection
technology? Something else? Please join the OWASP mobile project if you are
interested!
https://groups.google.com/a/owasp.org/forum/#!forum/owasp-mobile-top-10-risks

This also returns us to the problem of nomenclature in our industry. Paco
Hope has noticed that the OWASP wiki glossary is terribly out of date and
he has taken it upon himself to dive in and make positive changes there.
I'm very grateful for this. While complaining is ok and we certainly need
critique, the OWASP "do-ers" have a much bigger impact in creating positive
change. Thank you Paco, and all the other "do-ers" who dig in and get their
hands dirty trying to make OWASP better for all.

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805