Mobile

NIST shares tool for vetting mobile apps

The National Institute of Standards and Technology has launched a web-based application for developers to assess their self-created mobile apps for risk and hosting requirement conformity. The app, called AppVet, is free to use and is designed to be accessed through a browser. 

While NIST does not host or run AppVet for public use -- "NIST does not accredit or approve apps," the project's FAQ flatly states -- the tool can be downloaded and run by any interested organization.

“AppVet is a simple web-based application for vetting mobile apps,” according to NIST. “It facilitates the app vetting workflow by providing an intuitive user interface for submitting and testing apps, accessing reports, and assessing risk.”

The process begins when someone submits an app, which is analyzed by extracting its metadata. Once analyzed, additional functionality can be provided according to the requirements of the hosting organization. The app and its information are then sent to other tools for assessment and an overall report is generated.

It was designed for developers, analysts and app stores and can be easily integrated with third-party tools, such as static and dynamic analyzers, anti-virus scanners and vulnerability repositories. And the risk assessment that it generates is ultimately determined by those third-party components.  Users are strongly urged to use a standardized approach such as the Common Vulnerability Scoring System to make risk assessments.

About the Author

Reid Davenport is an FCW editorial fellow. Connect with him on Twitter: @ReidDavenport.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group