News came out today of the Department of Homeland Security’s “playbook” for developing secure mobile apps. It includes their “carwash” approach of continuous integration, mobile app security testing, source code management and issue tracking.
From what Rob Palmer said, the “playbook” for secure mobile development focuses on the development process, app security testing, and the development platforms in use.
Palmer’s approach to mobile security is encouraging, showing how it’s possible to do it right and account for the different stakeholders involved, from the business owner through to the developer.
This has created more work for the CIO at DHS; however, it’s now being adopted by other government agencies such as the State Department.
Palmer’s thinking sounds very much in line with ours at Codified Security. We’d love to get a look at his “playbook” if it’s ever released to the public. It’s the kind of guidance that would be of considerable value to the app development community.
Update, 27 April 2016: DHS mobile app security testing now available
A PDF of the Department of Homeland Security’s Playbook for mobile app security testing is now available here.