Certifiably Mobile

by Jonathan Bloom

Earlier this month, Symantec released its Internet Security Threat Report for 2010, and much like other reports on the state of software security for last year it showed significant increases in malware and other threats to application software and websites. In all, Symantec reported 286 million new Internet threats in 2010.

Most surprising was the rise in Web attacks from 2009 to 2010. Symantec reported a 93% jump in web-based attacks year-over-year.

On the mobile side, Fahmida Y. Rashid at eWEEK reported that Symantec also saw a considerable increase in vulnerabilities in mobile operating systems in 2010. Last year saw 163 vulnerabilities compared to 115 in 2009, an increase of 42%. Rashid is quick to add that while the total number of mobile vulnerabilities paled in comparison to web-based attacks, Symantec predicted that the number would continue to increase at a very high rate in 2011.

Much Mobile Malware

What we’ve seen so far in 2011 bears out this prediction. We have already seen one story after another about mobile malware grabbing headlines, many of them directly related to the Android operating system. And these malware applications have been showing up in quite rapid succession.

But is the problem the operating system, the applications or the app store policies that Google practices?

Perhaps the answer to that lies in Kenneth van Wyk’s comments at Computerworld where he goes so far as to call these appearances of malware in the Android App Store “inevitable.” He says, “The recent spate of malware-infested apps found in the Android Market illustrates the point. Mistakes are going to happen, even if our app providers undertake reasonable precautions in guarding their stores.”

At the crux of the problem, van Wyk points to Google’s loose review process for allowing applications to be posted to its app store. He notes that Apple has a team of reviewers reviewing submissions for its app store. As for Google, he points out, “the Android Market is far less rigorous in its review processes. That's being charitable.”

Van Wyk does say that even Apple’s app store has its share of malware issues. “Mistakes are going to happen,” he says. He then provides tips for mobile device users about how to protect themselves and their devices by being more aware of what they are downloading.

No kidding.

With all of our technology and all the parties involved with mobile applications – from the developer, to the reviewers at the app store to the buyers – there must be a better strategy for preventing a spate of malware from affecting mobile devices than a combination of “buyer beware” and “every man for himself.”

SaaSy Certification

Because so much of business today is conducted on mobile devices that access enterprise networks, an independent third-party assessment program is needed to ensure that applications being accessed via mobile are safe, structurally sound and efficient. The same holds true for consumer apps, such as games and ads.

It is time for the entire mobile application software community to organize and adopt a certification process that can provide independent accreditation of mobile applications. This process should be simple to access and relatively inexpensive, such as through a cloud-based portal. Such a portal would automatically analyze and measure the code and provide feedback on software size and health, based on industry norms, standards and best practices. This would allow mobile software developers to seek and provide to consumers a piece of third-party corroboration that their applications are robust and free of malware.

If legitimate developers were to seek such mobile application certification, and if app stores were to require it, buyers would no longer have to beware because rather than “every man for himself,” mobile malware prevention would be a case of “all for one, and one for all.”

Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.