We’ve written (along with many others) about the need for an improved infrastructure to secure mobile apps. The type of infrastructure we’re talking about isn’t one that is built overnight, nor is it built by one person or organization. The type of infrastructure that is needed requires collective intelligence from businesses, security service providers (both hardware and software), developers and more.
Case in point: the FTC recently announced that it is seeking public comment in its continued exploration of mobile app security. This comes in the aftermath of recent settlements of Fandango and Credit Karma with the FTC regarding the security of their mobile apps.
At Moki, we’re fortunate to have stellar partners and find great satisfaction in getting involved with organizations who are facilitating activity that drives a more secure mobile app infrastructure forward.
If you’re interested in learning more about initiatives or organizations that are working to protect users and businesses from attack vectors (mobile or otherwise), here are two that we’re excited about.
PCI Security Standards Council
The PCI Security Standards Council is an open global forum that is responsible for developing, managing, educating and creating awareness for PCI Security Standards. These standards are set forth for businesses to help them mitigate risks of data breaches and prevent credit card fraud.
The payment industry is ever-evolving with new technologies and payment systems – mobile being a key driver – and the PCI Security Council and its standards play a critical role in ensuring that businesses are taking the necessary measures to protect themselves and their customers from fraud. The PCI Security Standards website (www.pcisecuritystandards.org) has a plethora of information regarding how to ensure compliance and why meeting compliance standards is an important investment for businesses.
Moki is a PCI participating organization and our CTO, Jared Blake, is a member of the PCI Mobile Taskforce.
The Open Web Application Security Project (OWASP) is a not-for-profit organization focused on improving the security of software. OWASP’s mission is to make software security visible so that individuals and organizations can make more informed decisions about software security risks.
OWASP members work together to identify and execute on important initiatives surrounding application security. Membership ranges from employees of participating organizations to individuals looking to add to the collective intelligence in their own free time.
The OWASP website (www.owasp.org) has resources aimed at helping individuals and businesses better understand what is needed to create secure applications and helps them have a basic understanding of the risks that applications face. There is also information on the various initiatives that OWASP members are engaged in and how to get involved.