MSTG makes mobile app security understandable for devs #2073
vixentael
started this conversation in
Kind Words
MASVS allows mapping the whole variety of security recommendations into standalone requirements, calculating and tracking the "security score" [1] metric. The "security score" is an easy-to-understand metric for product managers and CTOs, as it's very straightforward. If "security score" is at the same level – the product is stable, "security score" is going down – need to plan a security sprint, "security score" going up – great job in securing our app.
MSTG is what makes calculating the "security score" achievable for developers. It translates scary requirements into a set of simple steps – "do this", "measure this", "take a look at this".
With MSTG, every developer can understand the current security posture of their app, measure it and communicate it to their managers and users.
Kudos to everyone who is maintaining, writing and re-writing, commenting and asking questions in the MSTG project 👏
Footnotes
1. Ofc, it's an oversimplification, as application security is a never-ending process, but communicating product security metrics really helps to make security work accountable, plan and push it forward.