NIST Issues Revised Guidelines for Mobile App Security Vetting

The National Institute of Standards and Technology (NIST) has published a revised version of its Vetting the Security of Mobile Applications special publication. Despite their utility, mobile applications, or “apps,” can pose serious security risks to an organization and its users due to vulnerabilities that may exist within their software. Such vulnerabilities may be exploited to steal information, control a user’s device, deplete hardware resources, or result in unexpected app or device behavior. To address these challenges, this publication defines an app vetting process and provides guidance on planning and implementing an app vetting process, developing security requirements for mobile apps, identifying appropriate tools for testing mobile apps and determining if a mobile app is acceptable for deployment on an organization’s mobile devices. An overview of techniques commonly used by software assurance professionals is provided, including methods of testing for discrete software vulnerabilities and misconfigurations related to mobile app software.