The National Institute of Standards and Technology (NIST) has released a new report titled “Vetting the Security of Mobile Applications.” The report urges enterprises to put apps through a “vetting” process that includes security testing before allowing employees to use them.
“This process is performed on an app after the app has been developed and released for distribution but prior to its deployment on an organization’s mobile device,” the NIST wrote. “An app vetting process acknowledges the concept that someone other than the software vendor is entitled to evaluate the software’s behavior, allowing organizations to evaluate software in the context of their own security policies, planned use, and risk tolerance.”
The report points out that the mobile development industry hasn’t always done a good job with security, and says that enterprises shouldn’t rely on app stores or other third parties to verify security. It details the types of vulnerabilities enterprise testers should look for as well as the kind of tests that can find them.