I’m contemplating getting involved directly involved in the OWASP Mobile Security Project at the moment. OWASP stands for the Open Web Application Security Project. I’m just checking it out first before committing any time to it. They recently issued a call for volunteers for a three phase project to identify the top ten mobile risks which is sitting alongside the other work on this project. I’ve seen some small mobile phone industry interest, but not much so far. In the past I know from personal bitter experience, it has been difficult to change the mindset of people in the mobile industry to share vulnerabilities and issues among their competitors. This really can hamper incident handling and particularly response to an issue or even just giving an adequate response to media queries. While I can understand why big company legal departments have taken this attitude in the past, the increasing number of common OS platforms is making this position a little silly and certainly untenable. These irresponsible views are exposing their companies to more than embarrassment amongst the competition. Device security is a common interest across the industry – sharing information on security can surely not be a competition law issue as the intention is to make the consumer more safe and secure.