Acknowledgments
Contributors
All of our contributors are listed in the Contributing section of the OWASP MAS website:
https://mas.owasp.org/contributing/
🥇 MAS Advocates
MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word.
🥇 Being an “MAS Advocate” is the highest status that companies can achieve in the project acknowledging that they’ve gone above and beyond to support the project.
We will validate this status according to these categories:
- Showing Adoption: it should be clear just from looking at the official company page that they have adopted the OWASP MASVS and MASTG. For example:
- Services / Products
- Resources (e.g. blog posts, press releases, public pentest reports)
- Trainings
- etc.
- Providing consistent high-impact contributions: by continuously supporting with time/dedicated resources with clear/high impact for the OWASP MAS project.
- Content Pull Requests (e.g. adding/upgrading existing tests, tooling, maintaining code samples, etc.)
- Technical PR reviews
- Improving automation (GitHub Actions)
- Upgrading, extending or creating new Crackmes
- Moderating GitHub Discussions
- Providing high-value feedback to the project and for special events such as the MASVS/MASTG refactoring.
- etc.
- Spreading the word and promoting the project with many presentations each year, public trainings, high social media involvement (e.g. liking, re-sharing, doing own posting specifically to promote the project).
NOTE: You have to satisfy all three categories in order to qualify as an MAS Advocate. However, you do not need to fulfill each and every bullet point (they are examples). In general, you must be able to clearly show the continuity of your contributions and high impact for the project. For example, to fulfill “2.” you could demonstrate that you’ve been sending high-impact Pull Request in the initial 6 months period and intend to continue to do so.
🎁 Benefits
- Company logo displayed in our main READMEs and main OWASP project site.
- Linked blog posts in the MASTG will include the company name.
- Special acknowledgement on each MASTG release containing the contributed PRs.
- Re-shares from the OWASP MAS accounts on new publications (e.g. retweets).
- Initial public “Thank You” and yearly after successful renewal.
📝 How to Apply
If you’d like to apply please contact the project leaders by sending an email to Sven Schleier and Carlos Holguera who will validate your application. Please be sure to include sufficient evidence (usually in the form of a contribution report including URLs linking to the corresponding elements) showing what you’ve done in the 6 months period that goes inline with the three categories described above.
❗ Important Disclaimers
- If the “MAS Advocate” status is granted and you’d like to maintain it, the aforementioned contributions must remain consistent after the initial period as well. You should keep collecting this evidence and send us a contribution report yearly.
- Financial donations are not part of the eligibility criteria but will be listed for completion.
- Re-shared publications and blog posts linked in MASTG text must be educational and focus on mobile security or MASVS/MASTG and not endorse company products/services.
- Advocate Companies may use the logo and links to MASVS/MASTG resources as part of their communication but cannot use them as an endorsement by OWASP as a preferred provider of software and services.
- Example of what’s ok: list MAS Advocate status on website home page, in “about company” slides in sales presentations, on sales collateral.
- Example of what’s not ok: a MAS Advocate cannot claim they are OWASP certified.
- The quality of the application of the MASVS/MASTG by these companies has not been vetted by the MAS team.
The OWASP Foundation is very grateful for the support by the individuals and organizations listed. However please note, the OWASP Foundation is strictly vendor neutral and does not endorse any of its supporters. MAS Advocates do not influence the content of the MASVS or MASTG in any way.
Our MAS Advocates
NowSecure has provided consistent high-impact contributions to the project and has successfully helped spread the word.
We’d like to thank NowSecure for its exemplary contribution which sets a blueprint for other potential contributors wanting to push the project forward.
NowSecure as a MASVS/MASTG Adopter
- Services / Products:
- Resources:
- Trainings:
NowSecure’s Contributions to the MAS Project
High-impact Contributions (time/dedicated resources):
- Content PRs
- Technical Reviews for PRs
- Participation in GitHub Discussions
A special mention goes for the contribution to the MASVS Refactoring:
- Significant time investment to drive the discussions and create the proposals along with the community
- Testability Analysis
- Feedback on each category proposal
- Statistics from internal analysis
In the past, NowSecure has also contributed to the project, has sponsored it becoming a “God Mode Sponsor” and has donated the UnCrackable App for Android Level 4: Radare2 Pay.
Spreading the Word:
- Social media involvement: continuous Twitter and LinkedIn activity (see examples)
- Case Study: NowSecure Commits to Security Standards
- Blog Posts:
- Presentations:
- “Mobile Wanderlust”! Our journey to Version 2.0! (OWASP AppSec EU, Jun 10 2022)
- Insiders Guide to Mobile AppSec with Latest OWASP MASVS (OWASP Toronto Chapter, Feb 10 2022)
- Insiders Guide to Mobile AppSec with Latest OWASP MASVS (OWASP Virtual AppSec 2021, Nov 11 2021)
- Insiders Guide to Mobile AppSec with OWASP MASVS (OWASP Northern Virginia Chapter, Oct 8 2021)
- and more
Donators
While both the MASVS and the MASTG are created and maintained by the community on a voluntary basis, sometimes a little bit of outside help is required. We therefore thank our donators for providing the funds to be able to hire technical editors. Note that their donation does not influence the content of the MASVS or MASTG in any way. The Donation Packages are described on our OWASP Project page.