Skip to content

Acknowledgments

Contributors

All of our contributors are listed in the Contributing section of the OWASP MAS website:

https://mas.owasp.org/contributing/

MAS Advocates

Being a "MAS Advocate" is the highest status that companies can achieve in the OWASP MAS project, acknowledging that they've gone above and beyond, continuously supporting the project with time/dedicated resources with clear/high impact.

To achieve this status, you'll need to demonstrate that you make consistent high-impact contributions to the project. The baseline or the minimum meaningful monthly contribution the following:

  • 1 substantial PR, which includes a full set of Weakness+Tests+Demos
    • Alternatively, as this is currently a priority, several PRs focused on porting v1->v2 tests (equivalent effort to the above, must include at least one demo per test).
  • 2-3 in-depth PR reviews or issue support
    • Involving a thorough analysis, constructive feedback, and actionable suggestions that demonstrate a clear understanding of the topic.
    • Reviews should go beyond surface-level comments and, where necessary, include research to provide well-informed insights.
  • Active participation in the MAS Task Force, which includes:
    • Presenting your work, asking questions, and discussing new ideas/changes.
    • Proactive follow-up on tasks and initiatives.

Important Note: Contributions should align with OWASP quality guidelines and project priorities.

Initial evaluation period: Consistency over a sustained period of time (min. 6 months) is fundamental. Note that the 6-month timeframe is a minimum and may extend depending on the nature and impact of your contributions.

Benefits

  • Company logo displayed in our main READMEs and main OWASP project site.
  • Special acknowledgement on each MASTG release containing the contributed PRs.

How to Apply

If you'd like to apply please contact the project leaders by sending an email to Sven Schleier and Carlos Holguera who will validate your application and provide you with a contribution report.

After the initial evaluation period (see above), you'll need to send back the contribution report including sufficient evidence (e.g links to PRs) showing what you've done in that period that goes inline with "the minimum meaningful monthly contributions".

Important Disclaimers

Renewals

If the MAS Advocate status is granted and you wish to maintain it, contributions must remain consistent beyond the initial evaluation period. Advocates must continue collecting evidence and submit a yearly contribution report.

Financial Donations

Financial donations are not part of the eligibility criteria for MAS Advocate status.

Non-Endorsement

Advocate companies may use the OWASP MAS logo and reference MASVS/MASTG resources in their communications. However, they cannot present this as an endorsement by OWASP or imply that they are a preferred provider of software or services.

Revocation of MAS Advocate Status

MAS Advocate status will be revoked immediately if a company fails to comply with the guidelines. For example:

  • Acceptable Use: Listing MAS Advocate status on a website homepage, in "About Company" slides for sales presentations, or in sales collateral.
  • Non-Compliant Use: Claiming OWASP certification, OWASP endorsement, or being a preferred vendor of OWASP or the MAS project.

Non-Certification & Non-Vetting Disclaimer

OWASP does not certify, validate, or vet any vendors, software, or trust marks. Claims of MASVS/MASTG/MASWE compliance are not officially recognized by OWASP or the OWASP MAS project. Organizations should exercise caution when relying on such claims.

Vendor Neutrality

The OWASP Foundation is strictly vendor-neutral and does not endorse any of its supporters.

Governance and Editorial Independence

MAS Advocates may contribute to discussions, provide feedback, and suggest improvements to the OWASP MAS resources. However, they do not have decision-making authority over the final content, which remains under the control of the OWASP MAS project leaders.

Our MAS Advocates

We'd like to thank NowSecure for its exemplary contribution since 2022 which sets a blueprint for other potential contributors wanting to push the project forward.

NowSecure's Contributions to the MAS Project

High-impact Contributions:

  • Content PRs
  • Technical Reviews for PRs
  • Participation in GitHub Discussions

A special mention goes for the contribution to the MASVS and MASTG Refactoring as well as the creation of the OWASP MASWE.

In the past, NowSecure has also contributed to the project and has donated the Android UnCrackable L4.