Projects Reboot 2012 - OWASP Mobile Project

Mobile project is requesting funding for:

1) Project Name and Description OWASP Mobile Security Project The project is a centralized set of resources intended to give developers and security teams the tools they need to build and maintain secure mobile applications. Through the project, our goal is to increase awareness of security issues and provide the knowledge and tools needed to solve these problems. 2) Reboot Initiatives Type 2- Community Liaison (3k) While the professionals within the security industry have a wealth of talent and knowledge to contribute to the mobile initiative, the academic community remains largely untapped for its potential input. Additionally, there are many valuable research initiatives that exist within the private and government spaces that could greatly enhance the project's ability to fulfill its mission. The challenge is bringing interested parties together and raising their awareness of the project's mission. The project is requesting funds for a community liaison that will serve the purpose of reaching out to parties of interest in order to recruit them as contributors. The liaison will be responsible for identifying research initiatives that align with the project's mission, and opening communication channels between existing core contributors and potential contributors of interest. This individual’s deliverable requirements will be: Informational and brochure-ware for interested contributors, explaining the project’s mission and the value in involvement or contributions. Marketing and communications with potential contributing entities Identify mobile development centric groups to form collaborative partnerships with Type 1 and Type 2- Mobile Security Hackathon Style Event/Summit (Approximately 10k, with the rest via sponsorship and small entrance fee/donation...any excess funds would go back to OWASP as well as a percentage earmarked for the mobile security project) The majority of the mobile project team is regionally diverse, and typically performs work using online collaborative tools (Google Docs, Skype, WebEx, etc.). While this enables the team to achieve great things from a distance, at times it can be challenging to sync everyone's schedules to achieve great things in tandem. Work and life related distractions often make it challenging to make fast or consistent progress on producing consumable material. The project is requesting funds to hold a small event within the next 3-4 months. Limited sponsorship could also be obtained in order to increase the available amount of funds. As this would be a “hackathon” style of event, attendees would be encouraged to attend in order to build upon existing ideas while in the presence of other skilled peers. This includes new tools, proof of concept libraries, case studies, and ideas for new written materials. In order to fund this, the project would require the following: paid airfare and hotel for 5-10 core contributors a small venue for 25-30 attendees, or more if the interest level supports it (will look into Makerspace type of venues) assistance with marketing and promotion for the event Aside from the promotional aspects that would greatly benefit the project, the contributors that would have their expenses paid will have a clear mission and deliverable items to achieve while onsite. These items will be completed through hackathons and rapid-fire collaborative efforts. Both core contributors and general summit attendees will be able to participate and collaborate, further increasing the number of active project contributors and helping to forge new relationships. The required (minimum) deliverables to be produced include: draft updated Top 10 Risks draft updated Controls draft secure mobile development framework (outline)

As the mobile development community is growing at an incredibly fast pace, this represents a completely new audience for OWASP to engage. Developers and researchers would be more likely to attend this style of event, as they can provide immediate value as well as learn from their peers through hands-on activities and face-to-face collaboration.

Type 1- Professionally Designed and Prepared Documents (3k) While the project has produced several deliverables of reasonable quality, they lack the polish and refinement of other high profile OWASP documents such as the Web Top 10. In order to encourage further dissemination and adoption of this material, it is essential to revamp these documents in a format suitable to send to a CIO or CSO level leader.

Currently, the Mobile Top 10 Risks and Controls are preparing to enter a period of revision and content enhancements. These enhancements will result in fresh material that should be disseminated in a timely manner to a broad audience. The project is requesting funds in order to contract out to a graphic artist and technical writer the deliverable task of converting these artifacts into professional, high quality documents. The designer will be tasked with creating visuals and amplifying graphics that enhance the message contained within the materials. The technical writer would be responsible for ensuring the accuracy, quality, and general structure of the documentation. This will help tremendously with attracting a larger audience for consuming these materials as well as industry adoption. The updated documents the project would desire to see in high quality format include: Mobile Top 10 Risks Mobile Top 10 Controls (in collaboration with ENISA: http://www.enisa.europa.eu/activities/application-security/smartphone-security-1/smartphone-secure-development-guidelines)

3) Goals Review, update and expand the material surrounding the Mobile Risks and Controls Complete the outline for the secure mobile development framework, making it possible for contributors to participate in a simplified, modular manner Increase the number of high quality, active contributors to the mobile security project Create new initiatives and sub-projects to build within the overall project to complement existing work Host an event that brings together new and existing contributors to accelerate progress with generating content 4) Milestone Timelines Community Liason Marketing 50% milestone- Complete project brochure and marketing materials (in coordination with graphic designer and writer) 100% milestone- Completion of first round of outreach efforts to academia, government, and the private industry to engage new contributors and sponsors Mobile Security Hackathon Style Event/Summit Event Planning 50% milestone- Finalize the event’s official agenda and logistics 100% milestone- Hold the event and produce (at an absolute minimum) the updated Risks and Controls material Professionally Designed and Prepared Documents Document Preparation 50% milestone- Prepare templates for each document and all graphic material 100% milestone- Merge all visuals and content into release-quality documents 5) Budget Allocation The total budget requested is $16,000. It would be utilized as follows : $3,000 Community Liason $1,000- Project brochure and marketing materials $2,000- Initial outreach efforts and promotion to external organizations and universities $10,000- Mobile Security Hackathon Style Event/Summit $6,000- Airfare/transit and hotel for 5-10 contributors for 2 days $2,000- Hosting venue and refreshments for approximately 25-30 $2,000- Promotion and marketing $3,000- Professionally Designed and Prepared Documents $1,500- Mobile Top 10 Risks $1,500- Mobile Controls