Mobile

NIST shares tool for vetting mobile apps

The National Institute of Standards and Technology has launched a web-based application for developers to assess their self-created mobile apps for risk and hosting requirement conformity. The app, called AppVet, is free to use and is designed to be accessed through a browser. 

While NIST does not host or run AppVet for public use -- "NIST does not accredit or approve apps," the project's FAQ flatly states -- the tool can be downloaded and run by any interested organization.

“AppVet is a simple web-based application for vetting mobile apps,” according to NIST. “It facilitates the app vetting workflow by providing an intuitive user interface for submitting and testing apps, accessing reports, and assessing risk.”

The process begins when someone submits an app, which is analyzed by extracting its metadata. Once analyzed, additional functionality can be provided according to the requirements of the hosting organization. The app and its information are then sent to other tools for assessment and an overall report is generated.

It was designed for developers, analysts and app stores and can be easily integrated with third-party tools, such as static and dynamic analyzers, anti-virus scanners and vulnerability repositories. And the risk assessment that it generates is ultimately determined by those third-party components.  Users are strongly urged to use a standardized approach such as the Common Vulnerability Scoring System to make risk assessments.

About the Author

Reid Davenport is a former FCW editorial fellow. Connect with him on Twitter: @ReidDavenport.

Featured

  • Workforce
    online collaboration (elenabsl/Shutterstock.com)

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    OPM nominee plans focus on telework, IT, retirement

    Kiran Ahuja, a veteran of the Office of Personnel Management, told lawmakers that she thinks that the lack of consistent leadership in the top position at OPM has taken a toll on the ability of the agency to complete longer term IT modernization projects.

Stay Connected