[caption id=”attachment_17625” align=”alignnone” width=”600”] AppVet (Image: NIST)[/caption]
There’s now an AppVet for that.
The National Institute of Standards and Technology has released an open source tool, AppVet, that makes it easier for agencies to test mobile applications security and reliability.
From the official press release:
The application manages app vetting workflow that involves submitting apps to testing tools—for virus-detection and reliability, for example—receiving reports and risk assessments from tools, and combining risk assessments from these tools into a single risk assessment. Human analysts from the organization review the reports and risk assessments and decide whether to approve or reject the app according the organization's requirements. AppVet does not do any testing itself, it manages third-party test programs. One advantage of AppVet is that it provides specifications, Applications Programming Interfaces, and requirements that facilitate easy integration with third-party test tools as well as clients, including app stores. For example, AppVet defines a simple API and requirements for submitting apps to, and receiving reports from, third-party test tools.
AppVet spawned from NIST’s work with Defense Advanced Research Projects Agency that focused on providing app assurance testing prior to military field use.