New U.S. Securities and Exchange Commission (SEC) regulations for cybersecurity disclosures will reshape how companies report on risk management strategies and disclose and manage security incidents. Changes to the federal government agency’s reporting requirements took effect in December 2023. Experts expect the mandatory enhanced cybersecurity disclosures to compel companies to enhance proactive protection measures to better manage risk. NowSecure Founder Andrew Hoog recently shed light on the intersection of mobile app security and regulatory disclosures in a NowSecure Connect 2024 virtual ..read more

You have legal obligations to secure customer and enterprise data which includes your suppliers. What assurances do you have that they are secure? Businesses entrust their data to an ever-expanding number of suppliers, including technology and Software as a Service (SaaS) providers. The days when most companies strongly favored self-hosted solutions are gone, with the average company SaaS portfolio at 342 applications in 2023, according to Productiv. SaaS providers often handle the most critical and sensitive data: CRM records, HR files, accounting/ledgers, source code, product plans, go-to-ma ..read more

NowSecure remains the only enterprise-grade mobile application security testing (MAST) provider with a SOC 2 certified cloud platform. Our latest annual independent security audit covering the NowSecure Platform for automated mobile app security testing is complete, and the SOC 2 Type 2 report is available to customers and qualified prospects via our compliance portal. The audit report for the period ending April 30, 2024, attests that NowSecure has security controls suitably designed and effectively operated to meet our commitment to customer security. NowSecure remains the only enterprise-gr ..read more

As mobile app privacy endures increasing scrutiny, developers and application security managers must prioritize compliance with privacy regulations such as Global Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Children’s Online Privacy Protection Act (COPPA) and Federal Trade Commission (FTC) rules to avoid fines and penalties.  Large multi-million dollar fines and enforcement actions against security and privacy breaches demonstrate severe consequences for failing to provide transparency around data collection and usage or not properly safeguarding sen ..read more

The Singapore Cyber Security Agency (CSA) paved the way in establishing national mobile app safety guidelines with the January 2024 introduction of the Safe App Standard. Designed in consultation with industry experts, the Safe App Standard sets a baseline of recommended security controls to ensure developers follow best practices for secure application development. The standard aims to provide peace of mind to users of high-risk apps by enhancing safety, security and protection to foster trust and resilience in the digital ecosystem. According to the CSA, some 80% of users have installed util ..read more

Mobile health (mHealth) apps revolutionize healthcare delivery and transform patient outcomes. mHealth apps empower patients to better manage their health by providing personalized monitoring, tracking and therapeutic support, all from the convenience of their mobile apps.  Buoyed by the COVID-19 pandemic and the rise of remote patient monitoring, there are now more than 350,000 health apps found in app stores worldwide. The GlobalData ‘Regulated mHealth Apps’ report forecasts the regulated medical apps market to reach $156 billion in 2033.  As demand for mHealth apps continues to cl ..read more

Mobile app development teams often struggle to ship high-quality software on time and on budget. Developers face the pressure of accelerated release cycles, revenue demands, bug fixes, security breaches and compliance and regulatory requirements. Given an intense focus on developer efficiency and user experience, it’s inevitable that security and privacy issues can creep into their code.  The OWASP Mobile Application Security Verification Standard (MASVS) sets the global industry standard for mobile application security. Mobile app developers and architects should use the MASVS set of con ..read more

The beginning of 2024 saw approximately 3.4 million apps available for download from the Google Play Store, and around 1.9 million apps available in the Apple App Store. That total continues to grow and more than 52,000 new apps were added to Google Play in February alone. Mobile app developers strive to rapidly introduce new features and streamline the development process across platforms. One way to do this is to take advantage of iOS and Android Software Development Kits (SDK). Mobile SDKs are predeveloped collections of software libraries that give developers a shortcut in introducing new ..read more

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) and Office of Management and Budget (OMB) released a secure software development attestation form on March 11, 2024, in a long awaited followup to Executive Order (EO) 14028. EO 14028, “Improving the Nation’s Cybersecurity,” outlines the federal cybersecurity strategy to reduce software supply-chain risks. The OMB M-22-18 memo, “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices” and the M-23-16 update stipulate that federal agencies may use software only if the provider attests to ..read more

Mobile penetration testing helps businesses defend against cyberattacks, safeguard data privacy and preserve brand reputation. Best practices call for continuous automated mobile application security testing throughout the software developement lifecycle to gain speed and efficiency. However, organizations should augment automation with manual mobile penetration testing for certain high-risk mobile apps to achieve the greatest coverage.  In today’s digital landscape, security analysts and developers understand the imperative of ensuring the security and privacy of mobile applications. Whi ..read more