It seems that many organizations outsource mobile application development. Therefore, it is extremely important to ensure that security is a requirement enumerated in the contract (SLA, MSA, etc.) with said vendor.
Specifically, organizations should provide security requirements (logging, access controls, cryptography, IAM / IdM), perform threat modeling during design, perform static and dynamic analysis testing, as well as execute misuse cases during testing all with said vendor.
Malware in becoming more and more prevalent, especially on devices. So, organizations beware.
No comments:
Post a Comment