add news about mas score formula (#2436)

OWASP · Sep 20, 2023 · 1d0be62 · 1d0be62
1 parent 14e2587
commit 1d0be62
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/docs/assets/news/mas_formula_paper.png b/docs/assets/news/mas_formula_paper.png
diff --git a/docs/news.md b/docs/news.md
@@ -9,6 +9,31 @@ hide:
 
     Follow [:material-twitter: @OWASP_MAS](https://twitter.com/OWASP_MAS) to get the latest updates instantly.
 
+## Sep 20th, 2023: Request for Community Review: New Risk Assessment Formula for Mobile Applications
+
+We are excited to announce the release of a new collaborative effort between industry, academia, and the OWASP Mobile Application Security (MAS) project. This document introduces a novel formula designed to measure the risk associated with mobile applications.
+
+<a href="https://docs.google.com/document/d/1dnjXoHpVL5YmZTqVEC9b9JOfu6EzQiizZAHVAeDoIlo/edit?usp=sharing"><img style="border-radius: 5px" src="../assets/news/mas_formula_paper.png"/></a>
+
+**Document Highlights:**
+
+- The formula is grounded in the industry standard Mobile Application Security Verification Standard (MASVS).
+- It calculates risk based on the probability of an application being compromised and the potential impact of such a compromise.
+- The document also explores the possibility of a more nuanced risk assessment using the Mobile Application Security Testing Guide (MASTG) tests.
+- We provide a high-level walkthrough of the formula's application to individual apps as well as its extension to a device-level risk scoring, with a special focus on preloaded applications.
+- Lastly, the document discusses potential future enhancements like the inclusion of dynamic industry data and severity scaling factors with the intention of publishing an academic paper.
+
+**Call to Action:**
+
+We invite you to review the document and share your comments, feedback, and suggestions. Your insights are invaluable to us and will contribute significantly to the final version.
+
+**Review Timeline:** until October 31, 2023
+
+Please follow the link here to access the document: <https://docs.google.com/document/d/1dnjXoHpVL5YmZTqVEC9b9JOfu6EzQiizZAHVAeDoIlo/edit?usp=sharing>
+
+By collaborating on this initiative, we aim to provide a structured and flexible framework for risk assessment that assists organizations and individuals in making informed security decisions.
+We look forward to your active participation and valuable feedback!
+
 ## Jul 28th, 2023: MAS Testing Profiles and MASTG Atomic Tests - Paving the Way for Next-Level Mobile Application Security
 
 The MASTG refactoring is a significant upgrade that addresses some existing challenges and introduces exciting new features. It aims to streamline compliance, simplify testing and improve usability for security testers and other stakeholders.