Currently the MASVS and MSTG are used by at least the following companies:
- 7asecurity
- Brewsec
- Briskinfosec Technology and Consulting Pvt Ltd
- Citadelo
- Comsec
- continuumsecurity
- Cyber Ninjas
- ESCRYPT GmbH
- FH Münster - University of applied sciences
- Genexus & Genexus Consulting
- Hackenproof
- Infosec
- Lucideus Inc.
- Netguru
- NowSecure
- NVISO CVBA
- Randorisec
- Secarma
- SecuRing
- Stingray Technologies
- STM Solutions
- Toreon
- VantagePoint
- Vertical Structure
- Websec Canada
- Xebia
Note: the quality of the application of the MASVS/MSTG by these companies has not been vetted by the MSTG team. It is just an indicator of adoption reported publicly.
Currently, the MASVS and MSTG are recommended by:
- Egov standards for India
- Finish Transport and Communication Agency (TRAFICOM) - Assessment guideline for electronic identification services (Draft)
- Mobile Initiated SEPA Credit Transfer Interoperability Implementation Guidelines, including SCT Instant (MSCT IIGs)
- Vetting the Security of Mobile Applications: NIST Publishes SP 800-163 Revision 1
Are you actively using the MASVS or MSTG and want to be listed here? File an issue on GitHub, contact Sven Schleier (Slack: Sven) or Carlos Holguera (Slack: Carlos), or send an email to Sven or Carlos.