Mobile app security standard for IoT, VPNs proposed by group backed by Big Tech

Mobile app security standard for IoT, VPNs proposed by group backed by Big Tech

On Thursday the ioXt Alliance, an Internet of Things (IoT) security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire.


The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.

"This security baseline helps mitigate against common threats and reduces the probability of significant vulnerabilities," said Brooke Davis and Eugene Liderman, from Google's Android security and privacy team, in a blog post.


"The profile leverages existing standards and principles set forth by OWASP MASVS and the VPN Trust Initiative, and allows developers to differentiate security capabilities around cryptography, authentication, network security, and vulnerability disclosure program quality."

Tens of millions of Internet-of-Things, network-connected gizmos at risk of remote hijacking? Computer, engage shocked mode


READ MORE

The program focuses on mobile apps because these are typically front-end clients for smart devices and cloud services. It includes an extra set of expectations for virtual private ..