NIST Tool Vets Government Apps
Government agencies looking to vet apps have a new tool from the National Institute of Standards and Technology (NIST).
AppVet is a simple web-based application. "AppVet is designed to easily and seamlessly integrate with a wide variety of third-party tools including static and dynamic analyzers, anti-virus scanners, and vulnerability repositories through the specification of simple APIs and requirements," says the site.
Unlike checking systems at Apple and Google, AppVet is designed for developers who produce apps from internal use by government agencies. The application returns a PASS, WARNING or FAIL risk assessment at the end.
"When AppVet receives an app, it registers the app and performs some pre-processing of the app. Preprocessing is used to extract meta-data about an app and possibly provide additional functionality such as ensuring that the app conforms to specific requirements of the hosting organization. After preprocessing an app, AppVet sends the app and related information to one or more tools for testing and evaluation. When a tool completes its analysis, it returns a report and risk assessment to AppVet which, in turn, makes them available to clients."