Skip to content

Request for Community Review: New Risk Assessment Formula for Mobile Applications

Sep 20th, 2023: Request for Community Review: New Risk Assessment Formula for Mobile Applications

We are excited to announce the release of a new collaborative effort between industry, academia, and the OWASP Mobile Application Security (MAS) project. This document introduces a novel formula designed to measure the risk associated with mobile applications.

Document Highlights:

  • The formula is grounded in the industry standard Mobile Application Security Verification Standard (MASVS).
  • It calculates risk based on the probability of an application being compromised and the potential impact of such a compromise.
  • The document also explores the possibility of a more nuanced risk assessment using the Mobile Application Security Testing Guide (MASTG) tests.
  • We provide a high-level walkthrough of the formula's application to individual apps as well as its extension to a device-level risk scoring, with a special focus on preloaded applications.
  • Lastly, the document discusses potential future enhancements like the inclusion of dynamic industry data and severity scaling factors with the intention of publishing an academic paper.

Call to Action:

We invite you to review the document and share your comments, feedback, and suggestions. Your insights are invaluable to us and will contribute significantly to the final version.

Review Timeline: until October 31, 2023

Please follow the link here to access the document: https://docs.google.com/document/d/1dnjXoHpVL5YmZTqVEC9b9JOfu6EzQiizZAHVAeDoIlo/edit?usp=sharing

By collaborating on this initiative, we aim to provide a structured and flexible framework for risk assessment that assists organizations and individuals in making informed security decisions. We look forward to your active participation and valuable feedback!