Red Hat, Inc, of Raleigh, NC and Kryptowire of Fairfax, VA announced on September 6 that the companies have been awarded a contract from the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to advance mobile application lifecycle security.
The grant for the project—titled “Assured Mobile Application Lifecycle using Red Hat Enterprise”—was announced in a DHS S&T press release.
In May, DHS S&T announced the findings of its “Study on Mobile Device Security”, conducted in coordination with the National Institute of Standards and Technology and its National Cybersecurity Center of Excellence. According to that announcement, “[t]he study found that the threats to the Federal government’s use of mobile devices—smartphones and tablet computers running mobile operating systems—exist across all elements of the mobile ecosystem. These threats require a security approach that differs substantially from the protections developed for desktop workstations largely because mobile devices are exposed to a distinct set of threats, frequently operate outside of enterprise protections and have evolved independently of desktop architectures.”
Through the DHS S&T Mobile Application Security project, Red Hat and Kryptowire will help to address this mobile security gap by developing a framework for automation of security and privacy compliance in the mobile application lifecycle. To do so, the companies plan to collaborate on the following development initiatives:
- A Red Hat Mobile Application Platform extension that will use Kryptowire’s mobile application testing capabilities to automatically enforce checks throughout the mobile application development process to enable code and third-party library compliance with U.S. mobile security standards.
- Security updates and notifications to address new security or privacy vulnerabilities that affect an application while it is already deployed, enabling end-users to more quickly address new threats. Updates can be enforced in several ways, including user notifications and denial of back-end services. Red Hat and Kryptowire propose augmenting the support for security notifications and updates by including additional re-usable services in Red Hat Mobile Application Platform.
- Optimization of Kryptowire’s mobile application certification platform for Red Hat Mobile Application Platform’s processes, with a goal of creating a commercial solution that will improve end-to-end mobile security solutions throughout DHS and other U.S. government agencies.