I’m contemplating getting directly involved in the OWASP Mobile Security Project at the moment. OWASP stands for the Open Web Application Security Project. I’m just checking it out first before committing any time to it. They recently issued a call for volunteers for a three-phase project to identify the top ten mobile risks, which is sitting alongside the other work on this project. I’ve seen some small mobile phone industry interest, but not much so far. In the past, as I know from personal bitter experience, it has been difficult to change the mindset of people in the mobile industry to share vulnerabilities and issues among their competitors. This really can hamper incident handling and particularly response to an issue or even just giving an adequate response to media queries. While I can understand why big company legal departments have taken this attitude in the past, the increasing number of common OS platforms is making this position a little silly and certainly untenable. These irresponsible views are exposing their companies to more than embarrassment amongst the competition. Device security is a common interest across the industry – sharing information on security can surely not be a competition law issue as the intention is to make the consumer more safe and secure.
I’m helping the guys at Over the Air (@overtheair) put together a security stream for developers at the event. This year it will be held at Bletchley Park, the famous centre for code-breaking in World War II. I’ve been to previous events and they were absolutely fantastic with some great creations. An amazing combination of developers knocking up some very cool applications, big companies explaining their new upcoming technologies and plenty of partying to boot. The party carries on overnight, with dual drinking and coding streams 😉
Save the date now. If you have any good proposals for helping developers make mobile phone applications more secure, feel free to leave a comment or get in contact!