OWASP Mobile Security Project Call For Volunteers

We are pleased to announce a call for participation to help shape the OWASP Mobile Top 10 Risks. This “Top 10” initiative is intended to help organizations determine how to best apply development and security resources to better protect their mobile applications and data.

In order to compile the most thorough and universally accepted guidance possible, we are reaching out to software developers, security consultants, and thought leaders from all industries to participate. This includes independent developers and consultants, startups, large consultancies, and large development companies. If you have an interest in mobile application security and the expertise to contribute, we invite you to get involved with this initiative. The OWASP organization is built on openness and transparency, and our vision is for this initiative to adhere to these very same high standards. Participation is open and highly encouraged for all.

We are breaking this initiative into three distinct phases. Each phase will build upon the previous phase's achievements and outputs, helping to refine our data set as we progress. The phases are broken down as follows:

Phase I (6/2/2011- 6/30/2011)


 * Survey for recommendations for promotion, demotion, and removal of current risks
 * Suggestions for new candidates to consider for inclusion in the final Top 10 Risks
 * Survey can be found here: spreadsheets.google.com/spreadsheet/viewform

Phase II (7/7/2011- 8/4/2011) Compile all information from Phase I Release new set of candidates for consideration Rate and rank candidates using the official OWASP Risk Rating Methodology Provide metrics and supporting information

Phase III (8/11/2011- 9/8/2011) Compute and compile Phase II information Create Top 10 release candidate list Release list to Phase I and II participants for feedback Perform final revisions and solicit final feedback before official release

While participation is open to all, we will be enforcing one rule: participation in Phases II and III is dependent upon participation in all phases. We are pursuing aggressive time lines, and in order to promote an orderly and focused effort, the projects' leadership felt that this would be the best way to achieve it. Therefore, we ask that if you wish to be heavily involved in this initiative, that you plan accordingly based on the proposed time lines above.

We thank all of you in advance for your participation and hard work in making this initiative a success. Your participation will be noted and recorded when compiling the list of contributors for the final release of the Mobile Top 10 Risks documentation.

Sincerely, OWASP Mobile Security Project Leadership