All of our contributors are listed in the Contributing section of the OWASP MAS website:
MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word.
🥇 Being an "MAS Advocate" is the highest status that companies can achieve in the project acknowledging that they've gone above and beyond to support the project.
We will validate this status according to these categories:
- 1.Showing Adoption: it should be clear just from looking at the official company page that they have adopted the OWASP MASVS and MASTG. For example:
- Services / Products
- Resources (e.g. blog posts, press releases, public pentest reports)
- 2.Providing consistent high-impact contributions: by continuously supporting with time/dedicated resources with clear/high impact for the OWASP MAS project.
- Content Pull Requests (e.g. adding/upgrading existing tests, tooling, maintaining code samples, etc.)
- Technical PR reviews
- Improving automation (GitHub Actions)
- Upgrading, extending or creating new Crackmes
- Moderating GitHub Discussions
- Providing high-value feedback to the project and for special events such as the MASVS/MASTG refactoring.
- 3.Spreading the word and promoting the project with many presentations each year, public trainings, high social media involvement (e.g. liking, re-sharing, doing own posting specifically to promote the project).
NOTE: You have to satisfy all three categories in order to qualify as an MAS Advocate. However, you do not need to fulfill each and every bullet point (they are examples). In general, you must be able to clearly show the continuity of your contributions and high impact for the project. For example, to fulfill "2." you could demonstrate that you've been sending high-impact Pull Request in the initial 6 months period and intend to continue to do so.
- Company logo displayed in our main READMEs and main OWASP project site.
- Linked blog posts in the MASTG will include the company name.
- Special acknowledgement on each MASTG release containing the contributed PRs.
- Re-shares from the OWASP MAS accounts on new publications (e.g. retweets).
- Initial public "Thank You" and yearly after successful renewal.
If you'd like to apply please contact the project leaders by sending an email to Sven Schleier and Carlos Holguera who will validate your application. Please be sure to include sufficient evidence (usually in the form of a contribution report including URLs linking to the corresponding elements) showing what you've done in the 6 months period that goes inline with the three categories described above.
- If the "MAS Advocate" status is granted and you'd like to maintain it, the aforementioned contributions must remain consistent after the initial period as well. You should keep collecting this evidence and send us a contribution report yearly.
- Re-shared publications and blog posts linked in MASTG text must be educational and focus on mobile security or MASVS/MASTG and not endorse company products/services.
- Advocate Companies may use the logo and links to MASVS/MASTG resources as part of their communication but cannot use them as an endorsement by OWASP as a preferred provider of software and services.
- Example of what's ok: list MAS Advocate status on website home page, in "about company" slides in sales presentations, on sales collateral.
- Example of what's not ok: a MAS Advocate cannot claim they are OWASP certified.
The OWASP Foundation is very grateful for the support by the individuals and organizations listed. However please note, the OWASP Foundation is strictly vendor neutral and does not endorse any of its supporters. MAS Advocates do not influence the content of the MASVS or MASTG in any way.
We'd like to thank NowSecure for its exemplary contribution which sets a blueprint for other potential contributors wanting to push the project forward.
High-impact Contributions (time/dedicated resources):
A special mention goes for the contribution to the MASVS Refactoring:
- Significant time investment to drive the discussions and create the proposals along with the community
- Testability Analysis
- Feedback on each category proposal
- Statistics from internal analysis
Spreading the Word:
- "Mobile Wanderlust"! Our journey to Version 2.0! (OWASP AppSec EU, Jun 10 2022)
- Insiders Guide to Mobile AppSec with Latest OWASP MASVS (OWASP Toronto Chapter, Feb 10 2022)
- and more
While both the MASVS and the MASTG are created and maintained by the community on a voluntary basis, sometimes a little bit of outside help is required. We therefore thank our donators for providing the funds to be able to hire technical editors. Note that their donation does not influence the content of the MASVS or MASTG in any way. The Donation Packages are described on our OWASP Project page.