Meeting Notes - February 18 2015

Jonathan Carter

Feb 18, 2015, 1:10:00 PM
to owasp-mobile...@owasp.org
Hi Everyone,

Here are the notes from today's Google Hangout:

  • Data collection from vendors / consultancies is now in its final stages. We have a few outstanding data sources that we are normalizing (HP & IBM & Veracode). Jason agrees to complete the normalization of HP data by the end of the week (to meet with Daniel later today to normalize data). Jonathan to meet with IBM X-Force Threat Intelligence next week at IBM Interconnect event to try one final time to gather more information about proposed data set (better classification). Veracode data needs to be categorized and completed ASAP;

  • Jonathan to produce synthesis of data in PPTX deck that highlights key observations from each data set as well as across all data sets. To be presented to group for final comment / inclusion of additional observations about data. Then, the PowerPoint will be published to the list to be used as a defense for later classification schemes / discussions.

  • Paco to perform independent classification scheme based on other categorization methods beyond OWASP Mobile Top Ten 2014 (Client vs Server Vulnerabilities; Secure Coding vs Infrastructure vs Others);

General discussion ensued about feedback from AppSec California participants over existing Mobile Top Ten 2014 and desirable changes: M10 Relevance? Mobile Communication issues beyond TCP/IP? AuthN vs AuthZ split?
Jonathan requests that everyone submit top newsworthy events as another source of data to consider during classification / organization events.

We will be meeting on Monday, March 2 2015 to go over Jonathan's Synthesis / Paco's Synthesis / and summarize key observations into final PPTX to be distributed to group.  This meeting will finalize the data collection and synthesis stage and move us into the next stage of categorization.