Menu
NIST taking input for mobile security guidelines

NIST taking input for mobile security guidelines

A new NIST publication aims to alert enterprises of potential security dangers within commercial apps

The U.S. National Institute of Standards and Technology (NIST) is developing a guide for testing third-party apps to ensure that they are secure and don't introduce any vulnerabilities.

The government agency has prepared a draft of its recommendations, "Technical Considerations for Vetting 3rd Party Mobile Applications," and is seeking industry feedback by Sept. 18. The aim is to help enterprises make full use of commercial mobile programs.

"Agencies and organizations need to know what a mobile app really does and to be aware of its potential privacy and security impact so they can mitigate any potential risks," said NIST computer scientist Tom Karygiannis in a statement announcing the release of the draft.

The draft publication "describes tests that allow software security analysts to discover and understand vulnerabilities and behaviors before the app is approved for use," Karygiannis said.

The document, once finished, will give organizations a guide for testing third-party apps that they may want to use for official business. It will also detail the different types of vulnerabilities commonly found on Android and Apple iOS devices.

Many of today's mobile apps, such as calendars, require access rights to various parts of the device's OS. Granting permissions to these apps, however, can introduce security vulnerabilities to a secured system. For instance, giving a collaboration app access to a contact list could inadvertently reveal names on the list that should remain private.

Mobile devices can also gather a lot of data unbeknownst to the owner of the device. Malware, for instance, could be surreptitiously installed to record phone conversations, or users could be secretly tracked through the phone's GPS functionality.

In addition to offering techniques for testing and vetting apps, the publication will also provide descriptions of undesirable behavior, how to manage an app through its entire life cycle, and examples of how vulnerabilities could lead to system compromises.

Beyond security, the publication will also detail how to manage the power that apps can consume on a device.

An agency within the U.S. Department of Commerce, NIST works with industry to develop standards and technologies to encourage innovation, advance U.S. economic competitiveness and improve the quality of life.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitymobile securityU.S. National Institute of Standards and Technology

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments