Veracode has announced the launch of a mobile application security verification service.
Currently providing application security verification for RIM's BlackBerry operating system (OS) and Windows Mobile, with support for Google's Android OS and the Apple iOS to come later in 2011, it said that as rapid adoption of mobile devices and mobile apps is now a critical part of an enterprise IT strategy, these have created a significant and unbounded security risk.
Matt Peachey, VP EMEA at Veracode, said: “CIOs and CISOs are increasingly aware that next-generation software infrastructure for their enterprise is increasingly ‘cloud-sourced' and developed from unknown or untrusted third-party app stores and developers.
“While the cost and functional benefits of embracing the cloud are many, it is critical to ensure the security risks associated with this model are controlled. Veracode's broadened platform support will enable security professionals to implement mobile app security policies as easily as they do for internally developed applications.”
As well as the extended support, Veracode has also announced the Mobile App Top Ten list, the goal of which is to serve as an industry standard for categorising malicious functionalities and as a checklist of vulnerabilities that developers and security teams can collectively utilise.
Chris Wysopal, CTO of Veracode, said: “While much has been done in terms of setting standards for the security of web applications, we felt it was necessary to extend the same rigorous framework to mobile. In the mobile app market, we see both inadvertent coding errors and intentional, malicious code as security culprits.
“We strongly recommend industry-wide adoption of the mobile app top ten for the development of apps; as part of an app store vetting process; for acceptance testing of an app; or for use by providers of security software running on mobile devices.”